Removed default headers from CORS_OPTS

This patch removes all 'simple' headers from the default
configuration options, as these are already automatically
handled by the middleware (see line 80).

The list of simple headers is explicitly defined in the W3C
specification, here: https://www.w3.org/TR/cors/#terminology

Change-Id: I34aaec650aa57db083aedd07a5ebe47f6853aa4e

1 files changed, 2 insertions, 4 deletions

diff --git a/oslo_middleware/cors.py b/oslo_middleware/cors.py
index 2e53741..804b123 100644
--- a/oslo_middleware/cors.py
+++ b/oslo_middleware/cors.py
@@ -37,8 +37,7 @@ CORS_OPTS = [
                 help='Indicate that the actual request can include user '
                      'credentials'),
     cfg.ListOpt('expose_headers',
-                default=['Content-Type', 'Cache-Control', 'Content-Language',
-                         'Expires', 'Last-Modified', 'Pragma'],
+                default=[],
                 help='Indicate which headers are safe to expose to the API. '
                      'Defaults to HTTP Simple Headers.'),
     cfg.IntOpt('max_age',
@@ -49,8 +48,7 @@ CORS_OPTS = [
                 help='Indicate which methods can be used during the actual '
                      'request.'),
     cfg.ListOpt('allow_headers',
-                default=['Content-Type', 'Cache-Control', 'Content-Language',
-                         'Expires', 'Last-Modified', 'Pragma'],
+                default=[],
                 help='Indicate which header field names may be used during '
                      'the actual request.')
 ]