security: remove cors
I traced this back to a commit from 2014! 781495e662
This commit is contained in:
Girish Ramakrishnan
@@ -59,7 +59,6 @@ async function initializeExpressSync() {
|
||||
// the timeout middleware will respond with a 503. the request itself cannot be 'aborted' and will continue
|
||||
// search for req.clearTimeout in route handlers to see places where this timeout is reset
|
||||
.use(middleware.timeout(REQUEST_TIMEOUT, { respond: true }))
|
||||
.use(middleware.cors({ origins: [ '*' ], allowCredentials: false }))
|
||||
.use((req, res , next) => {
|
||||
// we store our route resources, like app,volumes,... in req.resources. Those are added in the load() routes
|
||||
req.resources = {};
|
||||
|
||||
Reference in New Issue
Block a user