From 575b3bd8dfbb7422969dde12a3ea988f1488e2b0 Mon Sep 17 00:00:00 2001 From: Max Goodman Date: Thu, 6 Oct 2011 19:41:30 -0700 Subject: [PATCH] Do not 403 CORS requests with non-allowed origin. --- r2/r2/controllers/reddit_base.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/r2/r2/controllers/reddit_base.py b/r2/r2/controllers/reddit_base.py index d97aea530..8de3c0649 100644 --- a/r2/r2/controllers/reddit_base.py +++ b/r2/r2/controllers/reddit_base.py @@ -664,8 +664,6 @@ class MinimalController(BaseController): response.headers["Access-Control-Allow-Origin"] = origin if cors.get("allow_credentials"): response.headers["Access-Control-Allow-Credentials"] = "true" - else: - self.abort403() def OPTIONS(self): """Return empty responses for CORS preflight requests"""