fix: added cors headers to be part of every response (#151)

n3rdc4ptn · web-flow · commit 8017d86d3207 · 2025-03-28T14:22:39.000+01:00
diff --git a/gateway/manager/manager.go b/gateway/manager/manager.go
@@ -190,16 +190,19 @@ func (s *Service) createHandler(schema *graphql.Schema) *graphqlHandler {
 
 func (s *Service) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 
-	if (*r).Method == "OPTIONS" && s.appCfg.Cors.Enabled {
+	if s.appCfg.Cors.Enabled {
 		allowedOrigins := strings.Join(s.appCfg.Cors.AllowedOrigins, ",")
 		allowedHeaders := strings.Join(s.appCfg.Cors.AllowedHeaders, ",")
 		w.Header().Set("Access-Control-Allow-Origin", allowedOrigins)
 		w.Header().Set("Access-Control-Allow-Headers", allowedHeaders)
 		// setting cors allowed methods is not needed for this service,
 		// as all graphql methods are part of the cors safelisted methods
 		// https://fetch.spec.whatwg.org/#cors-safelisted-method
-		w.WriteHeader(http.StatusOK)
-		return
+
+		if r.Method == http.MethodOptions {
+			w.WriteHeader(http.StatusOK)
+			return
+		}
 	}
 
 	workspace, err := s.parsePath(r.URL.Path)
