From fb1f0aa4c318fcae5fcf1db6a6bde82bde042cc8 Mon Sep 17 00:00:00 2001
From: Matt Johnson-Pint <mjp@hypermode.com>
Date: Tue, 7 May 2024 21:29:16 -0700
Subject: [PATCH 1/2] Update CORS options

---
 server/server.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server/server.go b/server/server.go
index 6f09a12d..c514d8f2 100644
--- a/server/server.go
+++ b/server/server.go
@@ -88,7 +88,7 @@ func GetHandlerMux() http.Handler {
 
 	// Add CORS support to all endpoints.
 	c := cors.New(cors.Options{
-		AllowCredentials: true,
+		AllowedHeaders: []string{"Authorization", "Content-Type"},
 	})
 
 	return c.Handler(mux)

From ac78abde15539087199c0c94351d446d8b05fa13 Mon Sep 17 00:00:00 2001
From: Matt Johnson-Pint <mjp@hypermode.com>
Date: Tue, 7 May 2024 21:32:11 -0700
Subject: [PATCH 2/2] Update CHANGELOG.md

---
 CHANGELOG.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 80b6cd27..c2f482ae 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,9 @@
 # Change Log
 
+## UNRELEASED
+
+- Remove `Access-Control-Allow-Credentials`. Add `Access-Control-Request-Headers`. [#180](https://github.com/gohypermode/runtime/pull/180)
+
 ## 2024-05-07 - Version 0.6.5
 
 - Add `Access-Control-Allow-Credentials` in CORS preflight [#177](https://github.com/gohypermode/runtime/pull/177)