server: implement CORS

server/api/api.go

@@ -3,9 +3,12 @@ package api
 import (
 	"context"
 	"net/http"
+	"os"
+	"strings"
 
 	"git.dubyatp.xyz/dubyatp/scannerbot/server/db"
 	"github.com/go-chi/chi/v5"
+	"github.com/go-chi/cors"
 )
 
 func Start() {
@@ -17,6 +20,15 @@ func Start() {
 
 	r := chi.NewRouter()
 
+	r.Use(cors.Handler(cors.Options{
+		AllowedOrigins:   strings.Split(os.Getenv("ALLOWED_ORIGINS"), ","),
+		AllowedMethods:   []string{"GET", "POST", "PUT", "DELETE", "OPTIONS"},
+		AllowedHeaders:   []string{"Accept", "Authorization", "Content-Type", "X-CSRF-Token"},
+		ExposedHeaders:   []string{"Link"},
+		AllowCredentials: true,
+		MaxAge:           300, // preflight request cache
+	}))
+
 	r.Get("/", func(w http.ResponseWriter, r *http.Request) {
 		w.Write([]byte("hello world"))
 	})