From 4547bf9f6eadbc4b2e5ef308d8dc15a11eec0101 Mon Sep 17 00:00:00 2001
From: Atridad Lahiji <me@atri.dad>
Date: Mon, 24 Mar 2025 01:15:32 -0600
Subject: [PATCH] CORS

---
 api/sse.go |  8 ++++++++
 main.go    | 10 ++++++++++
 2 files changed, 18 insertions(+)

diff --git a/api/sse.go b/api/sse.go
index 96372cd..dbb2d20 100644
--- a/api/sse.go
+++ b/api/sse.go
@@ -30,6 +30,14 @@ func SSE(c echo.Context) error {
 	c.Response().Header().Set(echo.HeaderConnection, "keep-alive")
 	c.Response().Header().Set(echo.HeaderCacheControl, "no-cache")
 
+	// Get origin from request
+	origin := c.Request().Header.Get(echo.HeaderOrigin)
+	// Only allow specific origins
+	if origin == "https://atri.dad" || origin == "http://localhost:3000" {
+		c.Response().Header().Set(echo.HeaderAccessControlAllowOrigin, origin)
+		c.Response().Header().Set(echo.HeaderAccessControlAllowCredentials, "true")
+	}
+
 	// Create a channel to receive messages from the lib.SSEServer
 	clientChan := make(chan string)
 
diff --git a/main.go b/main.go
index 69174ad..a4c55a3 100755
--- a/main.go
+++ b/main.go
@@ -43,6 +43,16 @@ func main() {
 	}))
 	e.Use(middleware.RateLimiter(middleware.NewRateLimiterMemoryStore(50)))
 
+	// Add CORS middleware
+	e.Use(middleware.CORSWithConfig(middleware.CORSConfig{
+		AllowOrigins:     []string{"https://atri.dad", "http://localhost:3000"},
+		AllowMethods:     []string{http.MethodGet, http.MethodPost, http.MethodPut, http.MethodDelete},
+		AllowHeaders:     []string{echo.HeaderOrigin, echo.HeaderContentType, echo.HeaderAccept},
+		ExposeHeaders:    []string{echo.HeaderContentType},
+		AllowCredentials: true,
+		MaxAge:           86400,
+	}))
+
 	// Static server
 	fs := http.FS(PublicFS)
 	e.GET("/public/*", echo.WrapHandler(http.FileServer(fs)))