feat: Merge pull request #982 from pelias/remove_allow_credentials_cors_header

Remove Access-Control-Allow-Credentials header

middleware/cors.js

@@ -3,8 +3,7 @@ function middleware(req, res, next){
   res.header('Access-Control-Allow-Origin', '*');
   res.header('Access-Control-Allow-Methods', 'GET, OPTIONS');
   res.header('Access-Control-Allow-Headers', 'X-Requested-With,content-type');
-  res.header('Access-Control-Allow-Credentials', true);
   next();
 }
 
-module.exports = middleware;
+module.exports = middleware;

test/ciao/CORS/headers_GET.coffee

@@ -6,4 +6,3 @@ path: '/'
 response.should.have.header 'Access-Control-Allow-Origin','*'
 response.should.have.header 'Access-Control-Allow-Methods','GET, OPTIONS'
 response.should.have.header 'Access-Control-Allow-Headers','X-Requested-With,content-type'
-response.should.have.header 'Access-Control-Allow-Credentials','true'

test/ciao/CORS/headers_OPTIONS.coffee

@@ -7,4 +7,3 @@ method: 'OPTIONS'
 response.should.have.header 'Access-Control-Allow-Origin','*'
 response.should.have.header 'Access-Control-Allow-Methods','GET, OPTIONS'
 response.should.have.header 'Access-Control-Allow-Headers','X-Requested-With,content-type'
-response.should.have.header 'Access-Control-Allow-Credentials','true'