diff --git a/backend/main.go b/backend/main.go
index 15627e0..941b0f6 100644
--- a/backend/main.go
+++ b/backend/main.go
@@ -38,13 +38,13 @@ func main() {
 r := gin.Default()
 r.MaxMultipartMemory = 32 << 20 // 32 MB
- // CORS middleware
+ // CORS middleware - Allow all origins, methods, and headers
 r.Use(cors.New(cors.Config{
 AllowOrigins: []string{"*"},
- AllowMethods: []string{"GET", "POST", "PUT", "DELETE", "OPTIONS"},
- AllowHeaders: []string{"Origin", "Content-Type", "Accept", "Authorization"},
- ExposeHeaders: []string{"Content-Length"},
- AllowCredentials: true,
+ AllowMethods: []string{"GET", "POST", "PUT", "DELETE", "OPTIONS", "PATCH", "HEAD"},
+ AllowHeaders: []string{"*"},
+ ExposeHeaders: []string{"*"},
+ AllowCredentials: false, // Must be false when using wildcard origins
 AllowOriginFunc: func(origin string) bool {
 return true // Allow all origins
 },
diff --git a/frontend/nginx.conf b/frontend/nginx.conf
index eac9f50..531be1f 100644
--- a/frontend/nginx.conf
+++ b/frontend/nginx.conf
@@ -30,10 +30,27 @@ server {
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header X-Forwarded-Proto $scheme;
+
+ # CORS headers - Allow all origins
+ add_header 'Access-Control-Allow-Origin' '*' always;
+ add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS, PATCH, HEAD' always;
+ add_header 'Access-Control-Allow-Headers' '*' always;
+ add_header 'Access-Control-Expose-Headers' '*' always;
+ add_header 'Access-Control-Max-Age' '3600' always;
+
+ # Handle preflight requests
+ if ($request_method = 'OPTIONS') {
+ return 204;
+ }
 }
 # SPA fallback
 location / {
+ # CORS headers - Allow all origins for static content
+ add_header 'Access-Control-Allow-Origin' '*' always;
+ add_header 'Access-Control-Allow-Headers' '*' always;
+ add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS, PATCH, HEAD' always;
+
 try_files $uri $uri/ /index.html;
 }
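Review bot: Replacing the explicit header list with `AllowHeaders: []string{"*"}` drops `Authorization`, which the Fetch standard excludes from the `Access-Control-Allow-Headers` wildcard. If the middleware emits `*` literally, browser preflights for requests carrying a bearer token will likely fail. Keeping the named list avoids this: `AllowHeaders: []string{"Origin", "Content-Type", "Accept", "Authorization"},`. Separately, the retained `AllowOriginFunc` that always returns `true` is redundant next to `AllowOrigins: []string{"*"}`, and it is what made the old `AllowCredentials: true` setting reflect every origin. Removing it, or replacing it with an allow-list of the real frontend origins, keeps a later flip of `AllowCredentials` from reopening that hole. The body of `main` continues outside the hunk.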
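Review bot: The `add_header 'Access-Control-Allow-Origin' '*' always;` added in the proxy location stacks on top of the CORS headers the backend middleware sets in this same commit, assuming this location forwards to that backend. A response with two `Access-Control-Allow-Origin` values is rejected by browsers, so CORS should be set in one layer only, or the upstream copy suppressed with `proxy_hide_header Access-Control-Allow-Origin;`. Also, once a location declares any `add_header`, nginx stops inheriting `add_header` directives from the `server` level. If security headers are defined there (not visible in this hunk), they would silently disappear from both locations and need repeating. The `location /` block serves static files, so advertising `PUT`/`DELETE` there has no purpose and could be dropped. The first location block opens outside the hunk.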