From 1598a1447ac43c78207d89b335a6369f8ba82af7 Mon Sep 17 00:00:00 2001
From: Ophestra Umiker <cat@ophivana.moe>
Date: Wed, 23 Oct 2024 17:11:56 +0900
Subject: [PATCH] fix(api): use default permissive CORS configuration when
 unset

Turns out CORS defaults to strict if no headers are sent at all, so this permissive default makes more sense.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
---
 app.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/app.go b/app.go
index 345e264..f4441a8 100644
--- a/app.go
+++ b/app.go
@@ -23,7 +23,8 @@ func serve(sig chan os.Signal, db *leveldb.DB) error {
 			AllowHeaders: []string{"Origin", "Content-Type", "Accept"},
 		}))
 	} else {
-		log.Println("CORS disabled")
+		log.Println("CORS unset")
+		app.Use(cors.New(cors.ConfigDefault))
 	}
 
 	var captcha fiber.Handler
-- 
GitLab