feat(security): setup cors

author: William Hergès <william@herges.fr> 2025-10-05 14:59:25 +0200
committer: William Hergès <william@herges.fr> 2025-10-05 14:59:25 +0200
commit: f7a41e17693dd5301413f46efecdfe4f5b94cb6f (patch)
tree: 33d8817c888918646397c050851ba7deabea5dd6 /backend/router.go
parent: af6678decc6166f388d6e62edcb1407d2ce08f83 (diff)
1 files changed, 10 insertions, 0 deletions
diff --git a/backend/router.go b/backend/router.go
index 65514ea..1231fdf 100644
--- a/backend/router.go
+++ b/backend/router.go
@@ -3,6 +3,7 @@ package backend
 import (
 	"context"
 	"embed"
+	"fmt"
 	"io/fs"
 	"log/slog"
 	"net/http"
@@ -67,6 +68,15 @@ func NewRouter(debug bool, cfg *Config, assets fs.FS) *chi.Mux {
 	}))
 	r.Use(func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			r.Header.Add("Access-Control-Allow-Origin", fmt.Sprintf("https://%s", cfg.Domain))
+			if !debug {
+				r.Header.Add("Access-Control-Max-Age", fmt.Sprintf("%d", 24*60*60))
+			}
+			next.ServeHTTP(w, r)
+		})
+	})
+	r.Use(func(next http.Handler) http.Handler {
+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 			ctx := context.WithValue(r.Context(), configKey, cfg)
 			ctx = context.WithValue(ctx, assetsFS, assets)
 			next.ServeHTTP(w, r.WithContext(ctx))
author	William Hergès <william@herges.fr>	2025-10-05 14:59:25 +0200
committer	William Hergès <william@herges.fr>	2025-10-05 14:59:25 +0200
commit	f7a41e17693dd5301413f46efecdfe4f5b94cb6f (patch)
tree	33d8817c888918646397c050851ba7deabea5dd6 /backend/router.go
parent	af6678decc6166f388d6e62edcb1407d2ce08f83 (diff)