From 28eac35660677475881cf795d00c8dbabae212fb Mon Sep 17 00:00:00 2001 From: Andrey Antukh Date: Tue, 10 Feb 2026 19:08:21 +0100 Subject: [PATCH] :sparkles: Enable cors by default on devenv --- backend/scripts/_env | 2 ++ backend/src/app/http/middleware.clj | 6 +++--- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/backend/scripts/_env b/backend/scripts/_env index 0026d9f901..6e40619ae6 100644 --- a/backend/scripts/_env +++ b/backend/scripts/_env @@ -29,6 +29,8 @@ export PENPOT_FLAGS="\ enable-user-feedback \ disable-secure-session-cookies \ enable-smtp \ + enable-cors \ + disable-secure-session-cookies \ enable-prepl-server \ enable-urepl-server \ enable-rpc-climit \ diff --git a/backend/src/app/http/middleware.clj b/backend/src/app/http/middleware.clj index feb07afb50..95cc15e290 100644 --- a/backend/src/app/http/middleware.clj +++ b/backend/src/app/http/middleware.clj @@ -213,14 +213,14 @@ (assoc "access-control-allow-origin" origin) (assoc "access-control-allow-methods" "GET,POST,DELETE,OPTIONS,PUT,HEAD,PATCH") (assoc "access-control-allow-credentials" "true") - (assoc "access-control-expose-headers" "x-requested-with, content-type, cookie") - (assoc "access-control-allow-headers" "x-frontend-version, content-type, accept, x-requested-width"))) + (assoc "access-control-expose-headers" "content-type, set-cookie") + (assoc "access-control-allow-headers" "x-frontend-version, x-client, x-requested-width, content-type, accept, cookie"))) (defn wrap-cors [handler] (fn [request] (let [response (if (= (yreq/method request) :options) - {::yres/status 200} + {::yres/status 204} (handler request)) origin (yreq/get-header request "origin")] (update response ::yres/headers with-cors-headers origin))))