add corsplug

config/runtime.exs

@@ -39,21 +39,7 @@ cors_origin = System.get_env("CORS_ORIGIN", "*")
 
 config :cors_plug,
   origin: cors_origin,
-  headers: [
+  allow_headers: ["*"]
-    "Authorization",
-    "x-organization-id",
-    "Content-Type",
-    "Accept",
-    "Origin",
-    "User-Agent",
-    "DNT",
-    "Cache-Control",
-    "X-Mx-ReqToken",
-    "Keep-Alive",
-    "X-Requested-With",
-    "If-Modified-Since",
-    "X-CSRF-Token"
-  ]
 
 # Zitadel Configuration
 

lib/policy_service_web/endpoint.ex

@@ -25,8 +25,7 @@ defmodule PolicyServiceWeb.Endpoint do
     from: :policy_service,
     gzip: not code_reloading?,
     only: PolicyServiceWeb.static_paths(),
-    raise_on_missing_only: code_reloading?,
+    raise_on_missing_only: code_reloading?
-    headers: %{"Access-Control-Allow-Origin" => "*"}
 
   # Code reloading can be explicitly enabled under the
   # :code_reloader configuration of your endpoint.
@@ -43,6 +42,7 @@ defmodule PolicyServiceWeb.Endpoint do
     pass: ["*/*"],
     json_decoder: Phoenix.json_library()
 
+  plug CORSPlug
   plug Plug.MethodOverride
   plug Plug.Head
   plug Plug.Session, @session_options