From 6360182340659a88b6410a317f89ec3ac106ff90 Mon Sep 17 00:00:00 2001
From: Russ Poetker
Date: Tue, 5 Dec 2023 17:15:00 -0500
Subject: [PATCH] Update cors headers to fix security alert

---
 demo-proxy/etc-httpd/conf.d/httpd.conf | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/demo-proxy/etc-httpd/conf.d/httpd.conf b/demo-proxy/etc-httpd/conf.d/httpd.conf
index 49624dda..1e246ec9 100644
--- a/demo-proxy/etc-httpd/conf.d/httpd.conf
+++ b/demo-proxy/etc-httpd/conf.d/httpd.conf
@@ -50,13 +50,8 @@ EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"
 #Header set Strict-Transport-Security "max-age=300"
 #Header set Content-Security-Policy: upgrade-insecure-requests
- Header set Access-Control-Max-Age "300"
- # could be 'localhost', , ''
- Header set Access-Control-Allow-Origin "*"
- # allow cookies to be sent cross origin
- Header set Access-Control-Allow-Credentials "true"
+ Header set Access-Control-Allow-Origin "${PASS_CORE_BASE_URL}"
 Header merge Access-Control-Allow-Methods "PUT, OPTIONS"
- Header merge Access-Control-Expose-Headers "authorization"
 #Map /idp to Tomcat
 ProxyPass /idp https://idp:4443/idp