From 2584dcbb8adc44843a172e20f5b00208221d104c Mon Sep 17 00:00:00 2001
From: Filip Sufitchi <fsufitchi@gmail.com>
Date: Wed, 12 Feb 2020 12:10:42 -0500
Subject: [PATCH] Add CORS header to let the UI hit the API

---
 web/security.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/web/security.go b/web/security.go
index 81eeba2..b1f5291 100644
--- a/web/security.go
+++ b/web/security.go
@@ -22,6 +22,7 @@ type wrappedHandler struct {
 
 func (h wrappedHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	auth := r.Header.Get("Authorization")
+	w.Header().Set("Access-Control-Allow-Origin", "*") // TODO: make this smarter?
 	if !strings.HasPrefix(auth, "Bearer ") {
 		plainTextResponse(w, http.StatusUnauthorized, []byte("Missing `Authorization: Bearer ...` header"))
 		h.log.HTTP(http.StatusUnauthorized, r)