Files
coder/coderd/workspaceapps
Asher 96f9e61ca1 Strip CORS headers from applications (#8057)
The problem is that the headers get doubled up (not overwritten) and
browsers do not like multiple values for the allowed origin even though
it appears the spec allows for it.

We could prefer the application's headers instead of ours but since we
control OPTIONS I think preferring ours will by the more consistent
experience and also aligns with the original RFC.
2023-06-21 13:41:27 -08:00
..