Remove httpHeaders from production web configs

[David S Taylor]

In my default web.js, for development I have some access control headers to facilitate our development environment:

httpHeaders : {

  'X-Powered-By'                : api.config.general.serverName,
  'Access-Control-Allow-Origin' : 'http://localhost:3000',
  'Access-Control-Allow-Methods': 'HEAD, GET, POST, PUT, PATCH, DELETE, OPTIONS, TRACE',
  'Access-Control-Allow-Credentials': 'true', // 
  'Access-Control-Allow-Headers': 'Content-Type,X-Requested-With'
},

In production, i want to remove those headers, but keep the powered by header, so I set the Access-Control headers to null, thinking it would remove like shown in the padding example:

exports.production = { 
  servers: {
    web: function(api){
      return {
        httpHeaders : {
          'Access-Control-Allow-Origin' : null,
          'Access-Control-Allow-Methods': null,
          'Access-Control-Allow-Credentials': null,
          'Access-Control-Allow-Headers': null
        },
padding: null,


But instead Im getting null in the headers. Is there a way to remove these settings when overriding the merge of configs in production?

Access-Control-Allow-Credentials:null

Access-Control-Allow-Headers:null

Access-Control-Allow-Methods:null

Access-Control-Allow-Origin:null

[Evan Tahler]

Good idea! 

https://github.com/evantahler/actionhero/pull/803

I'll cut the next release later this week

[David S Taylor]

> I'll cut the next release later this week

Thanks!

On Tuesday, March 29, 2016 at 10:32:38 AM UTC-7, David S Taylor wrote: