expanding CORS options and enabling explicit preflight response

2025-12-10 09:55:07 -06:00 · 2025-12-10 09:55:07 -06:00 · 2a7b525b83
commit 2a7b525b83
parent 3044ad6783
1 changed files with 9 additions and 0 deletions
--- a/server/server.js
+++ b/server/server.js
@ -41,7 +41,16 @@ app.use(cors({
    credentials: true
 }));
 app.use((req, res, next) => {
+    res.setHeader('Access-Control-Allow-Origin', req.headers.origin || '*');
+    res.setHeader('Access-Control-Allow-Credentials', 'true');
+    res.setHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
+    res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization');
    res.setHeader('Access-Control-Allow-Private-Network', 'true');
+
+    if (req.method === 'OPTIONS') {
+        return res.status(200).end();
+    }
+    
    next();
 });
 app.use(express.json());