From 88684a67ca1c46ecb2d30118774a7ae6954fb774 Mon Sep 17 00:00:00 2001
From: "@nekomimi.pet" <ana@nekoimimi.pet>
Date: Fri, 31 Oct 2025 12:28:45 -0400
Subject: [PATCH] knotserver/middleware.go: add cors headers as a middleware
 function

---
 knotserver/middleware.go | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/knotserver/middleware.go b/knotserver/middleware.go
index ae6280d6..5b579bc6 100644
--- a/knotserver/middleware.go
+++ b/knotserver/middleware.go
@@ -33,3 +33,21 @@ func (h *Knot) RequestLogger(next http.Handler) http.Handler {
 		)
 	})
 }
+
+func (h *Knot) CORS(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		// Set CORS headers
+		w.Header().Set("Access-Control-Allow-Origin", "*")
+		w.Header().Set("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS")
+		w.Header().Set("Access-Control-Allow-Headers", "Content-Type, Authorization")
+		w.Header().Set("Access-Control-Max-Age", "86400")
+
+		// Handle preflight requests
+		if r.Method == "OPTIONS" {
+			w.WriteHeader(http.StatusOK)
+			return
+		}
+
+		next.ServeHTTP(w, r)
+	})
+}
-- 
2.51.0


From 396baab56f72b0269525a3e84ba9a087d79aa982 Mon Sep 17 00:00:00 2001
From: "@nekomimi.pet" <ana@nekoimimi.pet>
Date: Fri, 31 Oct 2025 12:28:49 -0400
Subject: [PATCH] knotserver/router.go: have top level router use cors header
 function

---
 knotserver/router.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/knotserver/router.go b/knotserver/router.go
index 56fd9eac..d36a184b 100644
--- a/knotserver/router.go
+++ b/knotserver/router.go
@@ -71,6 +71,7 @@ func Setup(ctx context.Context, c *config.Config, db *db.DB, e *rbac.Enforcer, j
 func (h *Knot) Router() http.Handler {
 	r := chi.NewRouter()
 
+	r.Use(h.CORS)
 	r.Use(h.RequestLogger)
 
 	r.Get("/", func(w http.ResponseWriter, r *http.Request) {
-- 
2.51.0