From 6a2bf5d2dc8db5f27d7cef8cd77e9698b49e5538 Mon Sep 17 00:00:00 2001
From: Ethan Turner <17074013+ethanaturner@users.noreply.github.com>
Date: Wed, 4 Sep 2024 18:36:27 -0700
Subject: [PATCH] fix: remove X-Requested-With restriction (#367)

---
 server/api.js        | 12 ------------
 server/middleware.ts |  1 +
 2 files changed, 1 insertion(+), 12 deletions(-)

diff --git a/server/api.js b/server/api.js
index 728bf133..c6009aef 100644
--- a/server/api.js
+++ b/server/api.js
@@ -96,18 +96,6 @@ router.use(cors({
 
 router.use(middleware.authSanitizer);
 
-router.use(middleware.middlewareFilter(
-  [
-    ...ssoRoutes,
-    ...apiAuthRoutes,
-    '/commons/kbexport',
-    '/analytics/learning/init',
-    '/payments/webhook',
-    '/cloudflare/stream-url',
-  ],
-  middleware.requestSecurityHelper,
-));
-
 /* Auth */
 router.route('/oidc/libretexts').get(authAPI.completeLogin);
 
diff --git a/server/middleware.ts b/server/middleware.ts
index ffafca06..11f26df3 100644
--- a/server/middleware.ts
+++ b/server/middleware.ts
@@ -129,6 +129,7 @@ function authSanitizer(req: Request, _res: Response, next: NextFunction) {
 /**
  * Performs security checks on incoming requests by examing header values.
  *
+ * @deprecated
  * @param {express.Request} req - Incoming request object.
  * @param {express.Response} res - Outgoing response object.
  * @param {express.NextFunction} next - Next middleware function to run.