From 440104bad6b08b2d6ddc9b584c95ec3cf931eeb9 Mon Sep 17 00:00:00 2001 From: Trey t Date: Wed, 26 Nov 2025 20:28:13 -0600 Subject: [PATCH] Fix CORS middleware panic and add Procfile MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Transform ALLOWED_HOSTS to proper origins with http/https prefix - Fallback to AllowAllOrigins if no valid origins configured - Add Procfile for dokku process types 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- Procfile | 2 ++ internal/router/router.go | 28 ++++++++++++++++++++++++++-- 2 files changed, 28 insertions(+), 2 deletions(-) create mode 100644 Procfile diff --git a/Procfile b/Procfile new file mode 100644 index 0000000..30a8aa1 --- /dev/null +++ b/Procfile @@ -0,0 +1,2 @@ +web: /app/api +worker: /app/worker diff --git a/internal/router/router.go b/internal/router/router.go index 525261f..2141b38 100644 --- a/internal/router/router.go +++ b/internal/router/router.go @@ -124,11 +124,35 @@ func corsMiddleware(cfg *config.Config) gin.HandlerFunc { MaxAge: 12 * time.Hour, } - // In debug mode, allow all origins; otherwise use configured hosts + // In debug mode or if no proper origins configured, allow all origins if cfg.Server.Debug { corsConfig.AllowAllOrigins = true } else { - corsConfig.AllowOrigins = cfg.Server.AllowedHosts + // Transform allowed hosts to proper origins with https:// + var origins []string + for _, host := range cfg.Server.AllowedHosts { + host = strings.TrimSpace(host) + if host == "" { + continue + } + if host == "*" { + corsConfig.AllowAllOrigins = true + break + } + // If host doesn't have scheme, add https:// + if !strings.HasPrefix(host, "http://") && !strings.HasPrefix(host, "https://") { + origins = append(origins, "https://"+host) + origins = append(origins, "http://"+host) // Also allow http for dev + } else { + origins = append(origins, host) + } + } + if !corsConfig.AllowAllOrigins && len(origins) > 0 { + corsConfig.AllowOrigins = origins + } else if !corsConfig.AllowAllOrigins { + // Fallback to allow all if no valid origins + corsConfig.AllowAllOrigins = true + } } return cors.New(corsConfig)