From b58ed871d3faafc75d1c191e07672785df334746 Mon Sep 17 00:00:00 2001
From: Flavius Raducu <raducuflavius@gmail.com>
Date: Sun, 5 Oct 2025 22:45:12 +0100
Subject: [PATCH] remove allow_credentials

---
 docs_src/cors/tutorial001.py                      | 5 ++---
 tests/test_tutorial/test_cors/test_tutorial001.py | 6 +-----
 2 files changed, 3 insertions(+), 8 deletions(-)

diff --git a/docs_src/cors/tutorial001.py b/docs_src/cors/tutorial001.py
index 5884fba99..3564114bc 100644
--- a/docs_src/cors/tutorial001.py
+++ b/docs_src/cors/tutorial001.py
@@ -13,9 +13,8 @@ origins = [
 app.add_middleware(
     CORSMiddleware,
     allow_origins=origins,
-    allow_credentials=True,
-    allow_methods=["GET"],
-    allow_headers=["Authorization", "X-Example"],
+    allow_methods=["*"],
+    allow_headers=["*"],
 )
 
 
diff --git a/tests/test_tutorial/test_cors/test_tutorial001.py b/tests/test_tutorial/test_cors/test_tutorial001.py
index 33e1e6503..f62c9df4f 100644
--- a/tests/test_tutorial/test_cors/test_tutorial001.py
+++ b/tests/test_tutorial/test_cors/test_tutorial001.py
@@ -18,11 +18,7 @@ def test_cors():
         response.headers["access-control-allow-origin"]
         == "https://localhost.tiangolo.com"
     )
-    assert response.headers["access-control-allow-headers"] == (
-        "Accept, Accept-Language, "
-        "Authorization, Content-Language, "
-        "Content-Type, X-Example"
-    )
+    assert response.headers["access-control-allow-headers"] == "X-Example"
 
     # Test standard response
     headers = {"Origin": "https://localhost.tiangolo.com"}