remove CORS headers from apache config to be handled in code instead

pdsinterop · Sep 2, 2022 · 123a442 · 123a442
1 parent 1c4fad1
commit 123a442
Showing 1 changed file with 0 additions and 10 deletions.
diff --git a/site.conf b/site.conf
@@ -6,14 +6,4 @@
     SSLEngine on
     SSLCertificateFile "/tls/server.cert"
     SSLCertificateKeyFile "/tls/server.key"
-
-    Header always set Access-Control-Allow-Origin *
-    SetEnvIf Origin "(.+)" AccessControlAllowOrigin=$0
-    Header always set Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
-
-    Header always set Access-Control-Allow-Credentials true
-    Header always set Access-Control-Allow-Headers "*, allow, accept, authorization, content-type, dpop, slug"
-    Header always set Access-Control-Allow-Methods "GET, PUT, POST, OPTIONS, DELETE, PATCH"
-    Header always set Accept-Patch: text/n3
-    Header always set Access-Control-Expose-Headers "Authorization, User, Location, Link, Vary, Last-Modified, ETag, Accept-Patch, Accept-Post, Updates-Via, Allow, WAC-Allow, Content-Length, WWW-Authenticate, MS-Author-Via"
 </VirtualHost>