From f5f02dbc6db711258fbdff4ae566e91dec1761a3 Mon Sep 17 00:00:00 2001
From: Julien Calixte <julienc@bam.tech>
Date: Mon, 9 Feb 2026 19:33:47 +0100
Subject: [PATCH] feat: add CORS middleware to allow all origins

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 server.ts | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/server.ts b/server.ts
index 87bb140..49a8d2a 100644
--- a/server.ts
+++ b/server.ts
@@ -21,6 +21,18 @@ router.get("/:did/notes", (ctx) => {
 });
 
 const app = new Application();
+
+app.use(async (ctx, next) => {
+  ctx.response.headers.set("Access-Control-Allow-Origin", "*");
+  ctx.response.headers.set("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
+  ctx.response.headers.set("Access-Control-Allow-Headers", "Content-Type, Authorization");
+  if (ctx.request.method === "OPTIONS") {
+    ctx.response.status = 204;
+    return;
+  }
+  await next();
+});
+
 app.use(router.routes());
 app.use(router.allowedMethods());