fix(cors): Do not override default CORS headers

postalsys · Oct 31, 2023 · e5a2f50 · e5a2f50
1 parent 9a3aec3
commit e5a2f50
Showing 1 changed file with 2 additions and 3 deletions.
diff --git a/workers/api.js b/workers/api.js
@@ -208,9 +208,8 @@ const CORS_CONFIG = !CORS_ORIGINS
                   )
               ) || ['*']
           ),
-          headers: ['Authorization'],
-          exposedHeaders: ['Accept'],
-          additionalExposedHeaders: [],
+          additionalHeaders: ['X-EE-Timeout'],
+          additionalExposedHeaders: ['Accept'],
           preflightStatusCode: 204,
           maxAge:
               getDuration(readEnvValue('EENGINE_CORS_MAX_AGE') || (config.cors && config.cors.maxAge), {