remove missed header

lunny · lunny · commit 485acf93b4f0 · 2022-04-08T10:43:04.000+08:00
diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go
@@ -605,7 +605,7 @@ func Routes() *web.Route {
 			// setting.CORSConfig.AllowSubdomain // FIXME: the cors middleware needs allowSubdomain option
 			AllowedMethods:   setting.CORSConfig.Methods,
 			AllowCredentials: setting.CORSConfig.AllowCredentials,
-			AllowedHeaders:   []string{"Authorization", "X-CSRFToken", "X-Gitea-OTP"},
+			AllowedHeaders:   []string{"Authorization", "X-Gitea-OTP"},
 			MaxAge:           int(setting.CORSConfig.MaxAge.Seconds()),
 		}))
 	}

Original file line number	Diff line number	Diff line change
`@@ -605,7 +605,7 @@ func Routes() *web.Route {`
`605`	`605`	`// setting.CORSConfig.AllowSubdomain // FIXME: the cors middleware needs allowSubdomain option`
`606`	`606`	`AllowedMethods: setting.CORSConfig.Methods,`
`607`	`607`	`AllowCredentials: setting.CORSConfig.AllowCredentials,`
`608`		`- AllowedHeaders: []string{"Authorization", "X-CSRFToken", "X-Gitea-OTP"},`
	`608`	`+ AllowedHeaders: []string{"Authorization", "X-Gitea-OTP"},`
`609`	`609`	`MaxAge: int(setting.CORSConfig.MaxAge.Seconds()),`
`610`	`610`	`}))`
`611`	`611`	`}`