From 837ceaa5769d4fbabed28641488675297314232d Mon Sep 17 00:00:00 2001
From: Rub21 <ruben@developmentseed.org>
Date: Thu, 14 Sep 2023 14:38:44 -0500
Subject: [PATCH] Fix CORS headers for preflight requests

---
 images/web/config/production.conf | 13 ++++---------
 1 file changed, 4 insertions(+), 9 deletions(-)

diff --git a/images/web/config/production.conf b/images/web/config/production.conf
index df9d03f9..8c918f97 100644
--- a/images/web/config/production.conf
+++ b/images/web/config/production.conf
@@ -6,15 +6,10 @@
 
     # Add CORS headers for preflight requests
     <IfModule mod_headers.c>
-        Header always set Access-Control-Allow-Origin "*"
-        Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
-        Header always set Access-Control-Max-Age "1000"
-        Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token"
-        
-        # Respond to preflight requests
-        RewriteEngine On
-        RewriteCond %{REQUEST_METHOD} OPTIONS
-        RewriteRule ^(.*)$ $1 [R=200,L,E=HTTP_ACCESS_CONTROL_ALLOW_HEADERS:Authorization]
+        Header set Access-Control-Allow-Origin "*"
+        Header set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
+        Header set Access-Control-Max-Age "1000"
+        Header set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token"
     </IfModule>
 
     # Existing rewrite rules