The access-control-allowed-origins CORS header only allows a single origin or "*" as its response. To support multiple origins, the cors middleware makes this header dynamic based on the referrer header of the request when the middleware is configured with anything but a single string.
To help avoid a few edge cases customers may encounter, we can unwrap an array of one element into a scalar to encourage the cors middleware to make the access-control-allowed-origin header static.
As a very minor performance boost, this change also instantiates the cors middleware once and uses it on all requests rather than constructing it dynamically within a request.
The access-control-allowed-origins CORS header only allows a single origin or "*" as its response. To support multiple origins, the cors middleware makes this header dynamic based on the referrer header of the request when the middleware is configured with anything but a single string.
To help avoid a few edge cases customers may encounter, we can unwrap an array of one element into a scalar to encourage the cors middleware to make the access-control-allowed-origin header static.
As a very minor performance boost, this change also instantiates the cors middleware once and uses it on all requests rather than constructing it dynamically within a request.