The CORS middleware permits requests with certain default methods and
headers. However, since the default answer is 200, what it actually does
is proxy the CORS requests for those methods. I don't like the fact that we
don't set the response code explicitly. We should either remove this middleware
or document its use clearly.
Description of your changes:
The AuthService used a CORS middleware as a remnant of the original fork: https://github.com/ajmyyra/ambassador-auth-oidc/commit/43dd5ae57de2e4bdfc786fc35dd754ffa508e357