commit 9a7940ba9994789293b44c64632822cc849c918c Author: Peter Haight peterh@giantrabbit.com Date: Wed Oct 21 10:26:04 2020 -0700

Use wildcard for Access-Control-Allow-Origin

The newsletter site captcha isn't working because it needs this header set to newsletter.torproject.org and this header doesn't allow multiple origins. We'll just set it to wildcard for now and figure out if we can do something else. --- src/AccessControlMiddleware.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/AccessControlMiddleware.php b/src/AccessControlMiddleware.php index d900fa63..d5b7381d 100644 --- a/src/AccessControlMiddleware.php +++ b/src/AccessControlMiddleware.php @@ -4,7 +4,7 @@ namespace Tor;

class AccessControlMiddleware { public function __invoke($request, $response, $next) { - $response = $response->withHeader('Access-Control-Allow-Origin', $this->torSiteBaseUrl); + $response = $response->withHeader('Access-Control-Allow-Origin', '*'); $response = $response->withHeader('Access-Control-Allow-Credentials', 'true'); $response = $response->withHeader('Access-Control-Allow-Headers', 'Content-Type'); return $next($request, $response);