Simplify CORS config - allow all origins
- Use AllowAllOrigins=true to fix panic - Set AllowCredentials=false (required with AllowAllOrigins) - This is typical for public REST APIs 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
Trey t
@@ -114,48 +114,16 @@ func SetupRouter(deps *Dependencies) *gin.Engine {
|
|||||||
return r
|
return r
|
||||||
}
|
}
|
||||||
|
|
||||||
// corsMiddleware configures CORS
|
// corsMiddleware configures CORS - allowing all origins for API access
|
||||||
func corsMiddleware(cfg *config.Config) gin.HandlerFunc {
|
func corsMiddleware(cfg *config.Config) gin.HandlerFunc {
|
||||||
corsConfig := cors.Config{
|
return cors.New(cors.Config{
|
||||||
|
AllowAllOrigins: true,
|
||||||
AllowMethods: []string{"GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"},
|
AllowMethods: []string{"GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"},
|
||||||
AllowHeaders: []string{"Origin", "Content-Type", "Accept", "Authorization"},
|
AllowHeaders: []string{"Origin", "Content-Type", "Accept", "Authorization", "X-Requested-With"},
|
||||||
ExposeHeaders: []string{"Content-Length"},
|
ExposeHeaders: []string{"Content-Length"},
|
||||||
AllowCredentials: true,
|
AllowCredentials: false, // Must be false when AllowAllOrigins is true
|
||||||
MaxAge: 12 * time.Hour,
|
MaxAge: 12 * time.Hour,
|
||||||
}
|
})
|
||||||
|
|
||||||
// In debug mode or if no proper origins configured, allow all origins
|
|
||||||
if cfg.Server.Debug {
|
|
||||||
corsConfig.AllowAllOrigins = true
|
|
||||||
} else {
|
|
||||||
// Transform allowed hosts to proper origins with https://
|
|
||||||
var origins []string
|
|
||||||
for _, host := range cfg.Server.AllowedHosts {
|
|
||||||
host = strings.TrimSpace(host)
|
|
||||||
if host == "" {
|
|
||||||
continue
|
|
||||||
}
|
|
||||||
if host == "*" {
|
|
||||||
corsConfig.AllowAllOrigins = true
|
|
||||||
break
|
|
||||||
}
|
|
||||||
// If host doesn't have scheme, add https://
|
|
||||||
if !strings.HasPrefix(host, "http://") && !strings.HasPrefix(host, "https://") {
|
|
||||||
origins = append(origins, "https://"+host)
|
|
||||||
origins = append(origins, "http://"+host) // Also allow http for dev
|
|
||||||
} else {
|
|
||||||
origins = append(origins, host)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if !corsConfig.AllowAllOrigins && len(origins) > 0 {
|
|
||||||
corsConfig.AllowOrigins = origins
|
|
||||||
} else if !corsConfig.AllowAllOrigins {
|
|
||||||
// Fallback to allow all if no valid origins
|
|
||||||
corsConfig.AllowAllOrigins = true
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
return cors.New(corsConfig)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// healthCheck returns API health status
|
// healthCheck returns API health status
|
||||||
|
|||||||
Reference in New Issue
Block a user