dataproviders have to set cors headers

butonic · butonic · commit a9f0c2a737ab · 2024-02-08T16:44:04.000+01:00
Signed-off-by: Jörn Friedrich Dreyer &lt;jfd@butonic.de&gt;
diff --git a/internal/http/services/datagateway/datagateway.go b/internal/http/services/datagateway/datagateway.go
@@ -135,7 +135,6 @@ func (s *svc) setHandler() {
 		r = r.WithContext(ctx)
 		switch r.Method {
 		case "HEAD":
-			addCorsHeader(w)
 			s.doHead(w, r)
 			return
 		case "GET":
@@ -157,13 +156,6 @@ func (s *svc) setHandler() {
 	})
 }
 
-func addCorsHeader(res http.ResponseWriter) {
-	headers := res.Header()
-	headers.Set("Access-Control-Allow-Origin", "*")
-	headers.Set("Access-Control-Allow-Headers", "Content-Type, Origin, Authorization")
-	headers.Set("Access-Control-Allow-Methods", "GET, POST, OPTIONS, HEAD")
-}
-
 func (s *svc) verify(ctx context.Context, r *http.Request) (*transferClaims, error) {
 	// Extract transfer token from request header. If not existing, assume that it's the last path segment instead.
 	token := r.Header.Get(TokenTransportHeader)
