From bfcd84c9400018a551e51888a6727b817bd8144d Mon Sep 17 00:00:00 2001
From: Manav Rathi <manav@mrmr.io>
Date: Sun, 16 Jun 2024 20:56:28 +0530
Subject: [PATCH] Whitelist the necessary one

---
 infra/workers/uploader/src/index.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/infra/workers/uploader/src/index.ts b/infra/workers/uploader/src/index.ts
index 9dd2a073f6..3cc2fe8b31 100644
--- a/infra/workers/uploader/src/index.ts
+++ b/infra/workers/uploader/src/index.ts
@@ -29,7 +29,7 @@ const handleOPTIONS = (request: Request) => {
             "Access-Control-Allow-Origin": "*",
             "Access-Control-Allow-Methods": "POST, PUT, OPTIONS",
             "Access-Control-Max-Age": "86400",
-            // "Access-Control-Allow-Headers": "X-Auth-Token, X-Client-Package",
+            // "Access-Control-Allow-Headers": "UPLOAD-URL",
             "Access-Control-Allow-Headers": "*",
             "Access-Control-Expose-Headers": "X-Request-ID, CF-Ray",
         },
@@ -56,7 +56,7 @@ const isAllowedOrigin = (origin: string | null) => {
 };
 
 const areAllowedHeaders = (headers: string | null) => {
-    const allowed = ["x-auth-token", "x-client-package"];
+    const allowed = ["UPLOAD-URL"];
 
     if (!headers) return true;
     for (const header of headers.split(",")) {