Remove raw CORS headers (#857)

#855 missed a case where CORS headers are explicitly set. This remaining code results in multiple copies of the `Access-Control-Allow-Origin` header, which is not valid.
connectrpc · Apr 12, 2024 · 053625a · 053625a
1 parent ed6b1e3
commit 053625a
Showing 1 changed file with 0 additions and 2 deletions.
diff --git a/internal/app/referenceserver/impl.go b/internal/app/referenceserver/impl.go
@@ -619,8 +619,6 @@ func makeRawGRPCWebResponse(err *connect.Error, contentType string, headers, tra
 		Headers: append(
 			headers,
 			&conformancev1.Header{Name: "Content-Type", Value: []string{contentType}},
-			&conformancev1.Header{Name: "Access-Control-Allow-Origin", Value: []string{"*"}},
-			&conformancev1.Header{Name: "Access-Control-Expose-Headers", Value: []string{"*"}},
 		),
 		Body: &conformancev1.RawHTTPResponse_Stream{
 			Stream: &conformancev1.StreamContents{