[API] Allow all headers in CORS policy (#11657) (#11694)

aptos-labs · Jan 19, 2024 · 69f8827 · 69f8827
1 parent 6623132
commit 69f8827
Showing 1 changed file with 2 additions and 8 deletions.
diff --git a/api/src/runtime.rs b/api/src/runtime.rs
@@ -9,15 +9,14 @@ use crate::{
     view_function::ViewFunctionApi,
 };
 use anyhow::Context as AnyhowContext;
-use aptos_api_types::X_APTOS_CLIENT;
 use aptos_config::config::{ApiConfig, NodeConfig};
 use aptos_logger::info;
 use aptos_mempool::MempoolClientSender;
 use aptos_storage_interface::DbReader;
 use aptos_types::chain_id::ChainId;
 use poem::{
     handler,
-    http::{header, Method},
+    http::Method,
     listener::{Listener, RustlsCertificate, RustlsConfig, TcpListener},
     middleware::Cors,
     web::Html,
@@ -194,12 +193,7 @@ pub fn attach_poem_to_runtime(
             // routing in the LB) we must enable this:
             // https://stackoverflow.com/a/24689738/3846032
             .allow_credentials(true)
-            .allow_methods(vec![Method::GET, Method::POST])
-            .allow_headers(vec![
-                header::HeaderName::from_static(X_APTOS_CLIENT),
-                header::CONTENT_TYPE,
-                header::ACCEPT,
-            ]);
+            .allow_methods(vec![Method::GET, Method::POST]);
 
         // Build routes for the API
         let route = Route::new()