Merge remote-tracking branch 'origin/master'

This commit is contained in:
2026-02-13 23:23:55 +03:00
parent f7211d5cf7
commit 78f183c9ee
3 changed files with 22 additions and 87 deletions

View File

@@ -27,15 +27,33 @@ import (
===========================================================
*/
func enableCORS(h http.Handler) http.Handler {
frontendURL := os.Getenv("APP_FRONTEND_URL")
// Default fallback (dev için)
if frontendURL == "" {
frontendURL = "http://localhost:9000"
}
log.Println("🌍 CORS Allowed Origin:", frontendURL)
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Access-Control-Allow-Origin", "http://localhost:9000")
w.Header().Set("Access-Control-Allow-Credentials", "true")
origin := r.Header.Get("Origin")
// Sadece izin verilen origin'e cevap ver
if origin == frontendURL {
w.Header().Set("Access-Control-Allow-Origin", origin)
w.Header().Set("Vary", "Origin")
w.Header().Set("Access-Control-Allow-Credentials", "true")
}
w.Header().Set("Access-Control-Allow-Headers", "Content-Type, Authorization")
w.Header().Set("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS")
// Preflight
if r.Method == http.MethodOptions {
w.WriteHeader(http.StatusOK)
w.WriteHeader(http.StatusNoContent)
return
}