From c5d71bbfebd402921b56d35ee4f9b1cc8d9d0838 Mon Sep 17 00:00:00 2001
From: Arthur Lefebvre <artlef@protonmail.com>
Date: Sat, 4 Oct 2025 22:58:20 +0200
Subject: [PATCH] Configure CORS to use authentication

---
 main.go | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/main.go b/main.go
index e679285..4d485fa 100644
--- a/main.go
+++ b/main.go
@@ -24,7 +24,7 @@ func setup(config *config.Config) *gin.Engine {
 		panic(err)
 	}
 	r := gin.Default()
-	r.Use(cors.Default()) // All origins allowed by default
+	r.Use(cors.New(configureCors())) // All origins allowed by default
 	r.Use(middleware.Auth())
 	r.GET("/books", func(c *gin.Context) {
 		api.GetBooksHanderl(c, db)
@@ -40,3 +40,12 @@ func setup(config *config.Config) *gin.Engine {
 	})
 	return r
 }
+
+func configureCors() cors.Config {
+	config := cors.DefaultConfig()
+	config.AllowOrigins = []string{"http://localhost:5173"}
+	config.AllowPrivateNetwork = true
+	config.AllowCredentials = true
+	config.AllowHeaders = []string{"Authorization", "Content-Type"}
+	return config
+}