From b7f8cb5094989d56f7fef212360f24586555caf5 Mon Sep 17 00:00:00 2001
From: Benson Wong <mostlygeek@gmail.com>
Date: Fri, 4 Apr 2025 14:44:35 -0700
Subject: [PATCH] Limit Access-Control-Allow-Origin to OPTIONS preflight
 requests #85

---
 proxy/proxymanager.go | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/proxy/proxymanager.go b/proxy/proxymanager.go
index 4c4fee5..ad34a38 100644
--- a/proxy/proxymanager.go
+++ b/proxy/proxymanager.go
@@ -75,11 +75,8 @@ func New(config *Config) *ProxyManager {
 	// see: issue: #81, #77 and #42 for CORS issues
 	// respond with permissive OPTIONS for any endpoint
 	pm.ginEngine.Use(func(c *gin.Context) {
-
-		// set this for all requests
-		c.Header("Access-Control-Allow-Origin", "*")
-
 		if c.Request.Method == "OPTIONS" {
+			c.Header("Access-Control-Allow-Origin", "*")
 			c.Header("Access-Control-Allow-Methods", "GET, POST, PUT, PATCH, DELETE, OPTIONS")
 
 			// allow whatever the client requested by default