Allow CORS on keys and token endpoints

server/handlers.go

@@ -12,7 +12,6 @@ import (
 	"strings"
 	"time"
 
-	"github.com/gorilla/handlers"
 	"github.com/gorilla/mux"
 	jose "gopkg.in/square/go-jose.v2"
 
@@ -104,7 +103,7 @@ type discovery struct {
 	Claims        []string `json:"claims_supported"`
 }
 
-func (s *Server) discoveryHandler() (http.Handler, error) {
+func (s *Server) discoveryHandler() (http.HandlerFunc, error) {
 	d := discovery{
 		Issuer:      s.issuerURL.String(),
 		Auth:        s.absURL("/auth"),
@@ -130,18 +129,11 @@ func (s *Server) discoveryHandler() (http.Handler, error) {
 		return nil, fmt.Errorf("failed to marshal discovery data: %v", err)
 	}
 
-	var discoveryHandler http.Handler
-	discoveryHandler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		w.Header().Set("Content-Type", "application/json")
 		w.Header().Set("Content-Length", strconv.Itoa(len(data)))
 		w.Write(data)
-	})
-	if len(s.discoveryAllowedOrigins) > 0 {
-		corsOption := handlers.AllowedOrigins(s.discoveryAllowedOrigins)
-		discoveryHandler = handlers.CORS(corsOption)(discoveryHandler)
-	}
-
-	return discoveryHandler, nil
+	}), nil
 }
 
 // handleAuthorization handles the OAuth2 auth endpoint.