Update default allowed CORS headers (#8459)

X-CustomHeader looks more like an example than a header we would want to accept in production. Added Range as a useful header that enables operations on resources that can be fetched in chunks.
2022-05-04 14:11:51 +02:00 · 2022-05-04 14:11:51 +02:00 · 3230638160
commit 3230638160
parent 9c288ee2c2
4 changed files with 4 additions and 4 deletions
--- a/test/e2e/annotations/cors.go
+++ b/test/e2e/annotations/cors.go
@ -45,7 +45,7 @@ var _ = framework.DescribeAnnotation("cors-*", func() {
 			func(server string) bool {
 				return strings.Contains(server, "more_set_headers 'Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS';") &&
 					strings.Contains(server, "more_set_headers 'Access-Control-Allow-Origin: $http_origin';") &&
-					strings.Contains(server, "more_set_headers 'Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';") &&
+					strings.Contains(server, "more_set_headers 'Access-Control-Allow-Headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization';") &&
 					strings.Contains(server, "more_set_headers 'Access-Control-Max-Age: 1728000';") &&
 					strings.Contains(server, "more_set_headers 'Access-Control-Allow-Credentials: true';") &&
 					strings.Contains(server, "set $http_origin *;") &&