fix(vibetype): move allowed headers from postgraphile

Author: dargmuesli

src/development/stack.yml

@@ -363,7 +363,7 @@ services:
         - traefik.http.middlewares.postgraphile_auth.forwardauth.forwardBody=true
         - traefik.http.middlewares.postgraphile_auth.forwardauth.preserveRequestMethod=true
         - traefik.http.middlewares.postgraphile_cors.headers.accessControlAllowCredentials=true
-        - traefik.http.middlewares.postgraphile_cors.headers.accessControlAllowHeaders=authorization,baggage,content-type,sentry-trace,x-turnstile-key
+        - traefik.http.middlewares.postgraphile_cors.headers.accessControlAllowHeaders=authorization
         - traefik.http.middlewares.postgraphile_cors.headers.accessControlAllowOriginList=https://${STACK_DOMAIN},https://localhost:3000,https://app.localhost:3000
         - traefik.http.routers.postgraphile.entryPoints=web
         - traefik.http.routers.postgraphile.middlewares=redirectscheme #DARGSTACK-REMOVE
@@ -593,7 +593,7 @@ services:
     deploy:
       labels:
         - traefik.enable=true
-        - traefik.http.middlewares.vibetype_cors.headers.accessControlAllowHeaders=authorization,hook-name
+        - traefik.http.middlewares.vibetype_cors.headers.accessControlAllowHeaders=authorization,content-type,hook-name,x-turnstile-key
         - traefik.http.middlewares.vibetype_cors.headers.accessControlAllowMethods=GET,POST,PUT,DELETE
         - traefik.http.middlewares.vibetype_cors.headers.accessControlAllowOriginList=https://localhost:3000,https://app.localhost:3000
         - traefik.http.middlewares.vibetype_redirectregex.redirectregex.regex=^https?:\/\/www\.${STACK_DOMAIN}\/(.*)