From 7353bc0b2bb60cf59abbe061e0c1b052bc5d7db5 Mon Sep 17 00:00:00 2001
From: Luis Pater <webmaster@idotorg.org>
Date: Mon, 8 Sep 2025 23:36:43 +0800
Subject: [PATCH] Fix bug: #38 about lobechat cors policy

Relax CORS policy by allowing all headers in API responses
---
 internal/api/server.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/internal/api/server.go b/internal/api/server.go
index 3af272b3..65ba7fd8 100644
--- a/internal/api/server.go
+++ b/internal/api/server.go
@@ -279,7 +279,7 @@ func corsMiddleware() gin.HandlerFunc {
 	return func(c *gin.Context) {
 		c.Header("Access-Control-Allow-Origin", "*")
 		c.Header("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS")
-		c.Header("Access-Control-Allow-Headers", "Origin, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization")
+		c.Header("Access-Control-Allow-Headers", "*")
 
 		if c.Request.Method == "OPTIONS" {
 			c.AbortWithStatus(http.StatusNoContent)