fix: allow all headers on cors (#3653)

juspay · Feb 15, 2024 · 64bf815 · 64bf815
1 parent 2d4f6b3
commit 64bf815
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/crates/router/src/cors.rs b/crates/router/src/cors.rs
@@ -7,6 +7,7 @@ pub fn cors(config: settings::CorsSettings) -> actix_cors::Cors {
 
     let mut cors = actix_cors::Cors::default()
         .allowed_methods(allowed_methods)
+        .allow_any_header()
         .max_age(config.max_age);
 
     if config.wildcard_origin {
@@ -15,6 +16,8 @@ pub fn cors(config: settings::CorsSettings) -> actix_cors::Cors {
         for origin in &config.origins {
             cors = cors.allowed_origin(origin);
         }
+        // Only allow this in case if it's not wildcard origins. ref: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials
+        cors = cors.supports_credentials();
     }
 
     cors