don't set the headers.

MikeNeilson · MikeNeilson · commit b7d13e1b7e47 · 2025-10-22T20:00:29.000Z
diff --git a/cwms-data-api/src/main/java/cwms/cda/ApiServlet.java b/cwms-data-api/src/main/java/cwms/cda/ApiServlet.java
@@ -504,9 +504,10 @@ public void init() {
                 })
                 .routes(this::configureRoutes)
                 .options("/*", ctx -> {
-                    ctx.header("Access-Control-Allow-Origin", "*"); // Allow requests from any origin
-                    ctx.header("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS"); // Specify allowed methods
-                    ctx.header("Access-Control-Allow-Headers", "Content-Type, Authorization"); // Specify allowed headers
+                    // set by WAF and not correctly override
+                    // ctx.header("Access-Control-Allow-Origin", "*"); // Allow requests from any origin
+                    // ctx.header("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS"); // Specify allowed methods
+                    // ctx.header("Access-Control-Allow-Headers", "Content-Type, Authorization"); // Specify allowed headers
                     ctx.status(200); // Respond with a 200 OK status
                 })
                 .javalinServlet();
