From 4384933e5423d4fbf23473af580ec12f59465aec Mon Sep 17 00:00:00 2001
From: Xavier Vello <xavier@posthog.com>
Date: Fri, 3 Nov 2023 10:40:32 +0100
Subject: [PATCH] cors: enable allow_credentials

---
 capture/src/router.rs | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/capture/src/router.rs b/capture/src/router.rs
index 8fc080d..58fef22 100644
--- a/capture/src/router.rs
+++ b/capture/src/router.rs
@@ -6,7 +6,7 @@ use axum::{
     routing::{get, post},
     Router,
 };
-use tower_http::cors::{AllowOrigin, Any, CorsLayer};
+use tower_http::cors::{AllowHeaders, AllowOrigin, CorsLayer};
 use tower_http::trace::TraceLayer;
 
 use crate::{billing_limits::BillingLimiter, capture, redis::Client, sink, time::TimeSource};
@@ -47,7 +47,8 @@ pub fn router<
     // and reverse proxies might send funky headers.
     let cors = CorsLayer::new()
         .allow_methods([Method::GET, Method::POST, Method::OPTIONS])
-        .allow_headers(Any)
+        .allow_headers(AllowHeaders::mirror_request())
+        .allow_credentials(true)
         .allow_origin(AllowOrigin::mirror_request());
 
     let router = Router::new()