From 59c5e2c1d9f388f7ec86bd565452014b326eef2b Mon Sep 17 00:00:00 2001
From: advplyr
Date: Sat, 25 Jun 2022 10:36:37 -0500
Subject: [PATCH] Allow custom headers in requests
---
 server/Auth.js | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/server/Auth.js b/server/Auth.js
index 08198169..9736e1fd 100644
--- a/server/Auth.js
+++ b/server/Auth.js
@@ -20,7 +20,9 @@ class Auth {
 cors(req, res, next) {
 res.header('Access-Control-Allow-Origin', '*')
 res.header("Access-Control-Allow-Methods", 'GET, POST, PATCH, PUT, DELETE, OPTIONS')
- res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, Accept-Encoding, Range, Authorization")
+ res.header('Access-Control-Allow-Headers', '*')
+ // TODO: Make sure allowing all headers is not a security concern. It is required for adding custom headers for SSO
+ // res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, Accept-Encoding, Range, Authorization")
 res.header('Access-Control-Allow-Credentials', true)
 if (req.method === 'OPTIONS') {
 res.sendStatus(200)
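Review bot: The new `res.header('Access-Control-Allow-Headers', '*')` in `cors()` will not act as a wildcard for the requests this middleware is configured for: per the Fetch specification, `*` is read as a literal header name when the request carries credentials, and `Authorization` is never matched by the wildcard and has to be listed by name. Because the following line still sends `Access-Control-Allow-Credentials: true`, preflights that name `Authorization` or the SSO headers can be rejected by conforming browsers. Keeping the explicit list and appending the SSO header names resolves the TODO without opening the list, e.g. `res.header('Access-Control-Allow-Headers', 'Origin, X-Requested-With, Content-Type, Accept, Accept-Encoding, Range, Authorization, <SSO-HEADER-NAME>')` (the last entry is a placeholder). If any of those SSO headers is trusted for identity, which this hunk does not show, the server should only honour it when it comes from the reverse proxy, since `Access-Control-Allow-Origin: *` lets any origin send it. The body of `cors()` continues past the end of the hunk.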