From 7ebdff1b37a8aab6db9a73f3969a1d1b57c991d6 Mon Sep 17 00:00:00 2001
From: Fabrice Rabaute <fabrice@arista.com>
Date: Fri, 27 Aug 2021 14:23:14 -0700
Subject: [PATCH] Remove CORS middleware

The AuthService used a CORS middleware as a remnant of the original
fork:
ajmyyra/ambassador-auth-oidc@43dd5ae

The CORS middleware permits requests with certain default methods and
headers. However, since the default answer is 200, what it actually does
is proxy the CORS requests for those methods. I don't like the fact that we
don't set the response code explicitly. We should either remove this middleware
or document its use clearly.

Cherry-pick from: https://github.com/arrikto/oidc-authservice/pull/58
---
 main.go       | 3 +--
 web_server.go | 3 +--
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/main.go b/main.go
index 721cb6a2..8fb47d77 100644
--- a/main.go
+++ b/main.go
@@ -14,7 +14,6 @@ import (
 	"github.com/arrikto/oidc-authservice/authorizer"
 	"github.com/arrikto/oidc-authservice/oidc"
 	"github.com/arrikto/oidc-authservice/svc"
-	"github.com/gorilla/handlers"
 	"github.com/gorilla/mux"
 	"github.com/patrickmn/go-cache"
 	log "github.com/sirupsen/logrus"
@@ -79,7 +78,7 @@ func main() {
 	log.Infof("Starting judge server at %v:%v", c.Hostname, c.Port)
 	stopCh := make(chan struct{})
 	go func(stopCh chan struct{}) {
-		log.Fatal(http.ListenAndServe(fmt.Sprintf("%s:%d", c.Hostname, c.Port), handlers.CORS()(router)))
+		log.Fatal(http.ListenAndServe(fmt.Sprintf("%s:%d", c.Hostname, c.Port), router))
 		close(stopCh)
 	}(stopCh)
 
diff --git a/web_server.go b/web_server.go
index 8e2290e2..4170d6ff 100644
--- a/web_server.go
+++ b/web_server.go
@@ -8,7 +8,6 @@ import (
 	"strings"
 
 	"github.com/arrikto/oidc-authservice/logger"
-	"github.com/gorilla/handlers"
 	"github.com/gorilla/mux"
 )
 
@@ -85,7 +84,7 @@ func (s *WebServer) Start(addr string) error {
 			),
 		)
 
-	return http.ListenAndServe(addr, handlers.CORS()(router))
+	return http.ListenAndServe(addr, router)
 }
 
 // siteHandler returns an http.HandlerFunc that serves a given template