CORS Error with Custom Headers

[fenriskiba]

We tried implementing the functionality for PR #300, but ran into a CORS Error when we tried to call it. It looks like Flagr is not including some of the required CORS Headers in the preflight call responses because the User ID Header being a new Custom header:

I think it is an issue with the CORS Configs getting hardcoded in middleware.go with a set list of Allowed Headers. If so, it should be fairly easy to convert that (and maybe a couple other CORS Configs) to be populated by a Env Config, but I wanted to check if that made sense as the problem before starting the process on our side to contribute that change.

[marceloboeira]

I've always ran flagr under a Nginx instance and I would solve such issues on that level, but it seems like a fair usage if you don't want to delegate to a proxy/lb. @zhouzhuojie any thoughts?

[fenriskiba]

facepalm
We encountered this in a local environment with a local instance of Flagr. We do have a proxy layer we can handle it with that I forgot to take into account.

I'd definitely still like to get this fixed so we don't have to deal with running the proxy in that local environment though, but that does make this a lot lower priority for us.

[zhouzhuojie]

Yep, makes sense. I have a PR to config CORS