From f7a41e17693dd5301413f46efecdfe4f5b94cb6f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?William=20Herg=C3=A8s?=
Date: Sun, 5 Oct 2025 14:59:25 +0200
Subject: feat(security): setup cors

---
 backend/router.go | 10 ++++++++++
 1 file changed, 10 insertions(+)
(limited to 'backend')
diff --git a/backend/router.go b/backend/router.go
index 65514ea..1231fdf 100644
--- a/backend/router.go
+++ b/backend/router.go
@@ -3,6 +3,7 @@ package backend
 import (
 "context"
 "embed"
+ "fmt"
 "io/fs"
 "log/slog"
 "net/http"
@@ -65,6 +66,15 @@ func NewRouter(debug bool, cfg *Config, assets fs.FS) *chi.Mux {
 LogRequestHeaders: []string{"Origin"},
 LogResponseHeaders: []string{},
 }))
+ r.Use(func(next http.Handler) http.Handler {
+ return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ r.Header.Add("Access-Control-Allow-Origin", fmt.Sprintf("https://%s", cfg.Domain))
+ if !debug {
+ r.Header.Add("Access-Control-Max-Age", fmt.Sprintf("%d", 24*60*60))
+ }
+ next.ServeHTTP(w, r)
+ })
+ })
 r.Use(func(next http.Handler) http.Handler {
 return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 ctx := context.WithValue(r.Context(), configKey, cfg)
-- 
cgit v1.2.3
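Review bot: In the middleware added to `NewRouter` (second hunk), both CORS headers are written to `r.Header`, which is the incoming request, so they never reach the browser and the policy this commit sets up is not actually emitted; downstream handlers instead see two injected request headers. They belong on the response, set before `next.ServeHTTP(w, r)`: `w.Header().Set("Access-Control-Allow-Origin", "https://"+cfg.Domain)` and `w.Header().Set("Access-Control-Max-Age", "86400")`, using `Set` rather than `Add` so that a later layer cannot end up with a duplicated, invalid `Access-Control-Allow-Origin`. `Access-Control-Max-Age` is only honoured on preflight responses, and nothing visible in this hunk answers `OPTIONS` or sends `Access-Control-Allow-Methods`/`Access-Control-Allow-Headers`, so it is worth confirming whether preflights are handled elsewhere in the router. A short comment above the middleware, such as `// CORS: only https://<cfg.Domain> may read responses cross-origin; preflight caching is disabled in debug.`, would record the intended policy. `NewRouter`'s body starts and ends outside the hunk.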