We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
1 parent 997db30 commit 7aebf09Copy full SHA for 7aebf09
1 file changed
worker/src/middleware/auth.ts
@@ -70,7 +70,7 @@ export async function cors(c: Context, next: Next) {
70
headers: {
71
'Access-Control-Allow-Origin': '*',
72
'Access-Control-Allow-Methods': 'GET, POST, PUT, DELETE, OPTIONS',
73
- 'Access-Control-Allow-Headers': 'Content-Type, Authorization, X-API-Key',
+ 'Access-Control-Allow-Headers': 'Content-Type, Authorization, X-API-Key, X-CSRF-Token',
74
'Access-Control-Max-Age': '86400',
75
},
76
});
@@ -81,7 +81,7 @@ export async function cors(c: Context, next: Next) {
81
// Add CORS headers to response
82
c.res.headers.set('Access-Control-Allow-Origin', '*');
83
c.res.headers.set('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
84
- c.res.headers.set('Access-Control-Allow-Headers', 'Content-Type, Authorization, X-API-Key');
+ c.res.headers.set('Access-Control-Allow-Headers', 'Content-Type, Authorization, X-API-Key, X-CSRF-Token');
85
}
86
87
// Export hash function for use in auth routes
0 commit comments