fix: allow csrf header through cors

2025-04-17 15:53:49 +03:00 · 2025-04-17 15:53:49 +03:00 · 2e188c26f3
commit 2e188c26f3
parent eb3c3b7a24
1 changed files with 2 additions and 2 deletions
--- a/server/internal/service/service.go
+++ b/server/internal/service/service.go
@ -56,8 +56,8 @@ func Run(conn *pgx.Conn, q *data.Queries, config SvcConfig) error {
 	r.Use(cors.Handler(cors.Options{
 		AllowedOrigins:   config.allowedOrigins(),
 		AllowedMethods:   []string{"GET", "POST", "PUT", "DELETE", "OPTIONS"},
-		AllowedHeaders:   []string{"Accept", "Authorization", "Content-Type", "X-CSRF-Token"},
-		ExposedHeaders:   []string{"List"},
+		AllowedHeaders:   []string{"Accept", "Authorization", "Content-Type", "X-Csrf-Token"},
+		ExposedHeaders:   []string{"List", "X-Csrf-Token"},
 		AllowCredentials: true,
 		MaxAge:           300,
 	}))