From c970c74a2b182ea2477291b3b54124585933ce1f Mon Sep 17 00:00:00 2001
From: dwelle <luzar.david@gmail.com>
Date: Thu, 14 Jan 2021 12:10:45 +0100
Subject: [PATCH] fix: ensure non-* CORS origin header is set if no req headers
 sent

---
 src/index.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/index.ts b/src/index.ts
index 01ba520..c6084e0 100755
--- a/src/index.ts
+++ b/src/index.ts
@@ -24,7 +24,7 @@ const io = socketIO(server, {
   handlePreflightRequest: function (req, res) {
     var headers = {
       "Access-Control-Allow-Headers": "Content-Type, Authorization",
-      "Access-Control-Allow-Origin": req.header ? req.header.origin : "*",
+      "Access-Control-Allow-Origin": req.header ? req.header.origin : "https://excalidraw.com",
       "Access-Control-Allow-Credentials": true,
     };
     res.writeHead(200, headers);