[BUG] Listing Origin as an allowed request header is unnecessary

### Is there an existing issue for this?

- [X] I have searched the existing issues

### Current Behavior

The middleware [lists `Origin` as an allowed request header](https://github.com/gorilla/handlers/blob/fc9305756b095d6a0aede51f06fc85933647a25f/cors.go#L31). However, listing `Origin` is never necessary because that header is added to requests by the browser, [never by the client](https://fetch.spec.whatwg.org/#forbidden-request-header).

### Expected Behavior

Not listing `Origin` as an allowed request header.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[BUG] Listing Origin as an allowed request header is unnecessary #245

Is there an existing issue for this?

Current Behavior

Expected Behavior

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[BUG] Listing Origin as an allowed request header is unnecessary #245

Description

Is there an existing issue for this?

Current Behavior

Expected Behavior

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions