From 7f77c22f40b3e7eea1f1fa91d7de4d18dcc36a94 Mon Sep 17 00:00:00 2001
From: Fabrice Rabaute <fabrice@arista.com>
Date: Fri, 27 Aug 2021 14:23:14 -0700
Subject: [PATCH] Remove CORS middleware

The AuthService used a CORS middleware as a remnant of the original
fork:
ajmyyra/ambassador-auth-oidc@43dd5ae

The CORS middleware permits requests with certain default methods and
headers. However, since the default answer is 200, what it actually does
is proxy the CORS requests for those methods. I don't like the fact that we
don't set the response code explicitly. We should either remove this middleware
or document its use clearly.

Cherry-pick from: https://github.com/arrikto/oidc-authservice/pull/58
---
 main.go       | 3 +--
 web_server.go | 3 +--
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/main.go b/main.go
index d7d35e36..7c5eedaf 100644
--- a/main.go
+++ b/main.go
@@ -14,7 +14,6 @@ import (
 	"github.com/arrikto/oidc-authservice/authorizer"
 	"github.com/arrikto/oidc-authservice/oidc"
 	"github.com/arrikto/oidc-authservice/svc"
-	"github.com/gorilla/handlers"
 	"github.com/gorilla/mux"
 	"github.com/patrickmn/go-cache"
 	log "github.com/sirupsen/logrus"
@@ -78,7 +77,7 @@ func main() {
 	log.Infof("Starting server at %v:%v", c.Hostname, c.Port)
 	stopCh := make(chan struct{})
 	go func(stopCh chan struct{}) {
-		log.Fatal(http.ListenAndServe(fmt.Sprintf("%s:%d", c.Hostname, c.Port), handlers.CORS()(router)))
+		log.Fatal(http.ListenAndServe(fmt.Sprintf("%s:%d", c.Hostname, c.Port), router))
 		close(stopCh)
 	}(stopCh)
 
diff --git a/web_server.go b/web_server.go
index 8e2290e2..4170d6ff 100644
--- a/web_server.go
+++ b/web_server.go
@@ -8,7 +8,6 @@ import (
 	"strings"
 
 	"github.com/arrikto/oidc-authservice/logger"
-	"github.com/gorilla/handlers"
 	"github.com/gorilla/mux"
 )
 
@@ -85,7 +84,7 @@ func (s *WebServer) Start(addr string) error {
 			),
 		)
 
-	return http.ListenAndServe(addr, handlers.CORS()(router))
+	return http.ListenAndServe(addr, router)
 }
 
 // siteHandler returns an http.HandlerFunc that serves a given template