From 68caecf10421c66e974954c50ff3bc070a7352e0 Mon Sep 17 00:00:00 2001
From: Andreas Knuth <andreas.knuth@gmail.com>
Date: Wed, 31 Dec 2025 11:48:47 -0600
Subject: [PATCH] cors options

---
 backend/server.js | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/backend/server.js b/backend/server.js
index 065e29a..6c6ffe2 100644
--- a/backend/server.js
+++ b/backend/server.js
@@ -16,7 +16,22 @@ const TOKEN_SECRET = process.env.TOKEN_SECRET_KEY;
 
 // Middleware
 app.use(helmet());
-app.use(cors());
+//app.use(cors());
+const corsOptions = {
+  origin: [
+    'https://config.email-bayarea.com',
+  ],
+  methods: ['GET', 'HEAD', 'PUT', 'PATCH', 'POST', 'DELETE'],
+  allowedHeaders: [
+    'Content-Type',
+    'Accept',
+    'Authorization',
+    'x-hide-loading',
+  ],
+  credentials: false, // true nur wenn Cookies / Auth-Headers mit credentials genutzt werden
+};
+app.use(cors(corsOptions));
+app.options('*', cors(corsOptions));
 app.use(express.json());
 app.use(morgan('dev'));