From 6aa7c63b079054383f83e7da4bb50e59360404b0 Mon Sep 17 00:00:00 2001
From: PhatPhuckDave <david.majdandzic@hotmail.com>
Date: Thu, 8 Jan 2026 14:26:53 +0100
Subject: [PATCH] Force CORS

---
 nginx.conf | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/nginx.conf b/nginx.conf
index bb347fe..12dee50 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -32,6 +32,17 @@ http {
             proxy_set_header Host $proxy_host;
             proxy_ssl_server_name on;
 
+            # CORS headers
+            add_header Access-Control-Allow-Origin * always;
+            add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH" always;
+            add_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,X-Cache,X-NoCache,X-Status" always;
+            add_header Access-Control-Expose-Headers "X-Cache-Status" always;
+
+            # Handle preflight OPTIONS requests
+            if ($request_method = 'OPTIONS') {
+                return 204;
+            }
+
             proxy_cache api_cache;
             proxy_cache_valid 200 201 202 203 204 205 206 207 208 226 365d;
 
@@ -45,6 +56,15 @@ http {
 
         location = /index.html {
             root /usr/share/nginx/html;
+            # CORS headers for HTML interface
+            add_header Access-Control-Allow-Origin * always;
+            add_header Access-Control-Allow-Methods "GET, OPTIONS" always;
+            add_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type" always;
+
+            # Handle preflight OPTIONS requests
+            if ($request_method = 'OPTIONS') {
+                return 204;
+            }
         }
     }
 }
\ No newline at end of file