cors

backend/main.go

@@ -38,13 +38,13 @@ func main() {
 	r := gin.Default()
 	r.MaxMultipartMemory = 32 << 20 // 32 MB
 
-	// CORS middleware
+	// CORS middleware - Allow all origins, methods, and headers
 	r.Use(cors.New(cors.Config{
 		AllowOrigins:     []string{"*"},
-		AllowMethods:     []string{"GET", "POST", "PUT", "DELETE", "OPTIONS"},
+		AllowMethods:     []string{"GET", "POST", "PUT", "DELETE", "OPTIONS", "PATCH", "HEAD"},
-		AllowHeaders:     []string{"Origin", "Content-Type", "Accept", "Authorization"},
+		AllowHeaders:     []string{"*"},
-		ExposeHeaders:    []string{"Content-Length"},
+		ExposeHeaders:    []string{"*"},
-		AllowCredentials: true,
+		AllowCredentials: false, // Must be false when using wildcard origins
 		AllowOriginFunc: func(origin string) bool {
 			return true // Allow all origins
 		},

frontend/nginx.conf

@@ -30,10 +30,27 @@ server {
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
+        
+        # CORS headers - Allow all origins
+        add_header 'Access-Control-Allow-Origin' '*' always;
+        add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS, PATCH, HEAD' always;
+        add_header 'Access-Control-Allow-Headers' '*' always;
+        add_header 'Access-Control-Expose-Headers' '*' always;
+        add_header 'Access-Control-Max-Age' '3600' always;
+        
+        # Handle preflight requests
+        if ($request_method = 'OPTIONS') {
+            return 204;
+        }
     }
 
     # SPA fallback
     location / {
+        # CORS headers - Allow all origins for static content
+        add_header 'Access-Control-Allow-Origin' '*' always;
+        add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS, PATCH, HEAD' always;
+        add_header 'Access-Control-Allow-Headers' '*' always;
+        
         try_files $uri $uri/ /index.html;
     }