Cleanup CORSByPass

test/CORSBypass.ts

@@ -11,7 +11,7 @@ export async function setupCORSBypass(page: Page) {
       return;
     }
 
-    //// Handle preflight (OPTIONS) requests separately.
+    // Handle preflight (OPTIONS) requests separately.
     // These should not be forwarded to the target server.
     if (request.method() === "OPTIONS") {
       await route.fulfill({
@@ -20,8 +20,7 @@ export async function setupCORSBypass(page: Page) {
           "Access-Control-Allow-Origin": origin,
           "Access-Control-Allow-Credentials": "true",
           "Access-Control-Allow-Methods": "GET,POST,PUT,DELETE,OPTIONS,HEAD",
-          "Access-Control-Request-Headers": "*, x-ms-continuation",
-          "Access-Control-Max-Age": "86400", // Cache preflight response for 1 day
+          "Access-Control-Allow-Headers": request.headers()["access-control-request-headers"] || "*",
           Vary: "Origin",
         },
       });
@@ -35,21 +34,14 @@ export async function setupCORSBypass(page: Page) {
       },
     });
 
-    const responseHeaders = response.headers();
-    // Clean up any pre-existing CORS headers from the real response to avoid conflicts.
-    delete responseHeaders["access-control-allow-origin"];
-    delete responseHeaders["access-control-allow-credentials"];
-
     await route.fulfill({
       status: response.status(),
       headers: {
-        ...responseHeaders,
-        "Access-Control-Allow-Origin": origin,
-        "Access-Control-Allow-Credentials": "true",
-        "Access-Control-Allow-Methods": "GET,POST,PUT,DELETE,OPTIONS,HEAD",
+        ...response.headers(),
+        "Access-Control-Allow-Origin": "*",
+        "Access-Control-Allow-Methods": "*",
         "Access-Control-Allow-Headers": "*",
-        "Access-Control-Expose-Headers": "x-ms-continuation,x-ms-request-charge,x-ms-session-token",
-        Vary: "Origin",
+        "Access-Control-Allow-Credentials": "*",
       },
       body: await response.body(),
     });