From 0da98b5ef973eb27da83c71612002178cf45f6dc Mon Sep 17 00:00:00 2001
From: vishal <vishalbollu@users.noreply.github.com>
Date: Mon, 23 Dec 2019 11:12:09 -0500
Subject: [PATCH] Allow flexible headers with cors

---
 pkg/workloads/cortex/onnx_serve/api.py   | 4 +++-
 pkg/workloads/cortex/python_serve/api.py | 4 +++-
 pkg/workloads/cortex/tf_api/api.py       | 4 +++-
 3 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/pkg/workloads/cortex/onnx_serve/api.py b/pkg/workloads/cortex/onnx_serve/api.py
index f06e7e1284..b3e031b1e8 100644
--- a/pkg/workloads/cortex/onnx_serve/api.py
+++ b/pkg/workloads/cortex/onnx_serve/api.py
@@ -41,7 +41,9 @@ def before_request():
 @app.after_request
 def after_request(response):
     response.headers["Access-Control-Allow-Origin"] = "*"
-    response.headers["Access-Control-Allow-Headers"] = "*"
+    response.headers["Access-Control-Allow-Headers"] = request.headers.get(
+        "Access-Control-Request-Headers", "*"
+    )
 
     if not (request.path == "/predict" and request.method == "POST"):
         return response
diff --git a/pkg/workloads/cortex/python_serve/api.py b/pkg/workloads/cortex/python_serve/api.py
index 2aedfb5a29..144e25a09c 100644
--- a/pkg/workloads/cortex/python_serve/api.py
+++ b/pkg/workloads/cortex/python_serve/api.py
@@ -40,7 +40,9 @@ def before_request():
 @app.after_request
 def after_request(response):
     response.headers["Access-Control-Allow-Origin"] = "*"
-    response.headers["Access-Control-Allow-Headers"] = "*"
+    response.headers["Access-Control-Allow-Headers"] = request.headers.get(
+        "Access-Control-Request-Headers", "*"
+    )
 
     if request.path != "/predict":
         return response
diff --git a/pkg/workloads/cortex/tf_api/api.py b/pkg/workloads/cortex/tf_api/api.py
index 44c83be1af..b18302d06c 100644
--- a/pkg/workloads/cortex/tf_api/api.py
+++ b/pkg/workloads/cortex/tf_api/api.py
@@ -41,7 +41,9 @@ def before_request():
 @app.after_request
 def after_request(response):
     response.headers["Access-Control-Allow-Origin"] = "*"
-    response.headers["Access-Control-Allow-Headers"] = "*"
+    response.headers["Access-Control-Allow-Headers"] = request.headers.get(
+        "Access-Control-Request-Headers", "*"
+    )
 
     if not (request.path == "/predict" and request.method == "POST"):
         return response