From c5543caf5817648ac0bb0554f39f15d8bf109bdf Mon Sep 17 00:00:00 2001 From: oshankkkk Date: Mon, 6 Apr 2026 18:08:37 +0530 Subject: [PATCH 01/10] fix --- backend/internal/middleware/cors/cors.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/backend/internal/middleware/cors/cors.go b/backend/internal/middleware/cors/cors.go index 0f6ce0a..d005de0 100644 --- a/backend/internal/middleware/cors/cors.go +++ b/backend/internal/middleware/cors/cors.go @@ -5,10 +5,10 @@ import ) -func CORS(next http.Handler,url string) http.Handler { +func CORS(next http.Handler) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - + url:="https://scintillating-commitment-production-2429.up.railway.app/" w.Header().Set("Access-Control-Allow-Origin", url) w.Header().Set("Access-Control-Allow-Credentials", "true") From e87bcbdb1dd690952574cde52de0765b9006fc56 Mon Sep 17 00:00:00 2001 From: oshankkkk Date: Mon, 6 Apr 2026 18:46:23 +0530 Subject: [PATCH 02/10] ahajh --- backend/cmd/server/main.go | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/backend/cmd/server/main.go b/backend/cmd/server/main.go index 08e76e2..9e473e7 100644 --- a/backend/cmd/server/main.go +++ b/backend/cmd/server/main.go @@ -106,8 +106,9 @@ func main() { w.WriteHeader(http.StatusOK) fmt.Fprintln(w, "OK") }) - url:=requiredEnv("CLIENT_URL") - check(http.ListenAndServe(httpAddress(), corsmiddleware.CORS(mux,url))) + //url:=requiredEnv("CLIENT_URL") + check(http.ListenAndServe(httpAddress(), corsmiddleware.CORS(mux))) + } func check(err error) { From b441e60b90c521ad948b725140f6d5acc8e252db Mon Sep 17 00:00:00 2001 From: Oshan Date: Mon, 6 Apr 2026 18:57:57 +0530 Subject: [PATCH 03/10] Fix CORS origin handling for Railway frontend --- backend/internal/middleware/cors/cors.go | 53 ++++++++++++++++++++---- 1 file changed, 45 insertions(+), 8 deletions(-) diff --git a/backend/internal/middleware/cors/cors.go b/backend/internal/middleware/cors/cors.go index d005de0..8d932c9 100644 --- a/backend/internal/middleware/cors/cors.go +++ b/backend/internal/middleware/cors/cors.go @@ -1,23 +1,25 @@ package middleware -import -("net/http" - +import ( + "net/http" + "os" + "strings" ) func CORS(next http.Handler) http.Handler { + allowedOrigins := allowedOriginsFromEnv() return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - url:="https://scintillating-commitment-production-2429.up.railway.app/" - w.Header().Set("Access-Control-Allow-Origin", url) + origin := strings.TrimSpace(r.Header.Get("Origin")) + if isAllowedOrigin(origin, allowedOrigins) { + w.Header().Set("Access-Control-Allow-Origin", origin) + w.Header().Add("Vary", "Origin") + } w.Header().Set("Access-Control-Allow-Credentials", "true") - w.Header().Set("Access-Control-Allow-Headers", "Authorization, Content-Type") - w.Header().Set("Access-Control-Allow-Methods", "GET, POST, PATCH, PUT, DELETE, OPTIONS") - // preflight if r.Method == http.MethodOptions { w.WriteHeader(http.StatusOK) return @@ -26,3 +28,38 @@ func CORS(next http.Handler) http.Handler { next.ServeHTTP(w, r) }) } + +func allowedOriginsFromEnv() map[string]struct{} { + origins := map[string]struct{}{} + + for _, envKey := range []string{"CLIENT_URL", "CORS_ALLOWED_ORIGINS"} { + raw := strings.TrimSpace(os.Getenv(envKey)) + if raw == "" { + continue + } + + for _, candidate := range strings.Split(raw, ",") { + origin := strings.TrimSpace(strings.TrimSuffix(candidate, "/")) + if origin == "" { + continue + } + origins[origin] = struct{}{} + } + } + + if len(origins) == 0 { + origins["http://localhost:5173"] = struct{}{} + } + + return origins +} + +func isAllowedOrigin(origin string, allowed map[string]struct{}) bool { + if origin == "" { + return false + } + + normalized := strings.TrimSuffix(strings.TrimSpace(origin), "/") + _, ok := allowed[normalized] + return ok +} From 290f201a44205a94656717e393331ca848e19b41 Mon Sep 17 00:00:00 2001 From: Oshan Date: Mon, 6 Apr 2026 19:24:17 +0530 Subject: [PATCH 04/10] Update cors.go --- backend/internal/middleware/cors/cors.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/backend/internal/middleware/cors/cors.go b/backend/internal/middleware/cors/cors.go index 8d932c9..dca14b9 100644 --- a/backend/internal/middleware/cors/cors.go +++ b/backend/internal/middleware/cors/cors.go @@ -4,12 +4,14 @@ import ( "net/http" "os" "strings" + "fmt" ) func CORS(next http.Handler) http.Handler { allowedOrigins := allowedOriginsFromEnv() return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + fmt.Println("wada wada:") origin := strings.TrimSpace(r.Header.Get("Origin")) if isAllowedOrigin(origin, allowedOrigins) { w.Header().Set("Access-Control-Allow-Origin", origin) From d3437f9f35e07b5f58d061e74abd2f1aa6e9ebce Mon Sep 17 00:00:00 2001 From: Oshan Date: Mon, 6 Apr 2026 19:25:33 +0530 Subject: [PATCH 05/10] Set CLIENT_URL environment variable in Dockerfile --- backend/Dockerfile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/backend/Dockerfile b/backend/Dockerfile index 9b687b7..33cd485 100644 --- a/backend/Dockerfile +++ b/backend/Dockerfile @@ -8,8 +8,7 @@ ARG DB_URL ARG PORT ARG APP_ENV ARG CLERK_SECRET_KEY -ARG CLIENT_URL - +ENV CLIENT_URL=https://scintillating-commitment-production-2429.up.railway.app COPY . . RUN CGO_ENABLED=0 GOOS=linux go build -o /server ./cmd/server/ From 8285866dca558729a26f93f573ab3b497aa756da Mon Sep 17 00:00:00 2001 From: Oshan Date: Mon, 6 Apr 2026 19:28:13 +0530 Subject: [PATCH 06/10] Set CLIENT_URL environment variable in Dockerfile --- backend/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/backend/Dockerfile b/backend/Dockerfile index 33cd485..48b6dbc 100644 --- a/backend/Dockerfile +++ b/backend/Dockerfile @@ -8,11 +8,11 @@ ARG DB_URL ARG PORT ARG APP_ENV ARG CLERK_SECRET_KEY -ENV CLIENT_URL=https://scintillating-commitment-production-2429.up.railway.app + COPY . . RUN CGO_ENABLED=0 GOOS=linux go build -o /server ./cmd/server/ - FROM alpine:latest +ENV CLIENT_URL=https://scintillating-commitment-production-2429.up.railway.app COPY --from=builder /server /server EXPOSE 8080 CMD ["/server"] From 2fce7d3cc7888431e253e971f0ded71414cbe211 Mon Sep 17 00:00:00 2001 From: Oshan Date: Mon, 6 Apr 2026 19:32:35 +0530 Subject: [PATCH 07/10] Update cors.go --- backend/internal/middleware/cors/cors.go | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/backend/internal/middleware/cors/cors.go b/backend/internal/middleware/cors/cors.go index dca14b9..85af2b0 100644 --- a/backend/internal/middleware/cors/cors.go +++ b/backend/internal/middleware/cors/cors.go @@ -5,17 +5,17 @@ import ( "os" "strings" "fmt" + ) func CORS(next http.Handler) http.Handler { - allowedOrigins := allowedOriginsFromEnv() - return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - fmt.Println("wada wada:") - origin := strings.TrimSpace(r.Header.Get("Origin")) - if isAllowedOrigin(origin, allowedOrigins) { + + origin := r.Header.Get("Origin") + + if origin == "http://localhost:5173" || + origin == "https://scintillating-commitment-production-2429.up.railway.app" { w.Header().Set("Access-Control-Allow-Origin", origin) - w.Header().Add("Vary", "Origin") } w.Header().Set("Access-Control-Allow-Credentials", "true") From 106629b68da7678c0d55b9a96c02ce860538ed50 Mon Sep 17 00:00:00 2001 From: Oshan Date: Mon, 6 Apr 2026 22:56:58 +0530 Subject: [PATCH 08/10] all orgins --- backend/internal/middleware/cors/cors.go | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/backend/internal/middleware/cors/cors.go b/backend/internal/middleware/cors/cors.go index 85af2b0..88f5288 100644 --- a/backend/internal/middleware/cors/cors.go +++ b/backend/internal/middleware/cors/cors.go @@ -4,7 +4,7 @@ import ( "net/http" "os" "strings" - "fmt" + //"fmt" ) @@ -13,10 +13,7 @@ func CORS(next http.Handler) http.Handler { origin := r.Header.Get("Origin") - if origin == "http://localhost:5173" || - origin == "https://scintillating-commitment-production-2429.up.railway.app" { - w.Header().Set("Access-Control-Allow-Origin", origin) - } + w.Header().Set("Access-Control-Allow-Origin", "*") w.Header().Set("Access-Control-Allow-Credentials", "true") w.Header().Set("Access-Control-Allow-Headers", "Authorization, Content-Type") From 9c9b32c402384f80e3db16a944244509f34b8128 Mon Sep 17 00:00:00 2001 From: Oshan Date: Mon, 6 Apr 2026 22:59:50 +0530 Subject: [PATCH 09/10] new new --- backend/internal/middleware/cors/cors.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/backend/internal/middleware/cors/cors.go b/backend/internal/middleware/cors/cors.go index 88f5288..7c5481e 100644 --- a/backend/internal/middleware/cors/cors.go +++ b/backend/internal/middleware/cors/cors.go @@ -11,7 +11,7 @@ import ( func CORS(next http.Handler) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - origin := r.Header.Get("Origin") + //origin := r.Header.Get("Origin") w.Header().Set("Access-Control-Allow-Origin", "*") From d3181213aa83f70479be505aca49e4f63e1e47e7 Mon Sep 17 00:00:00 2001 From: Oshan Date: Mon, 6 Apr 2026 23:42:59 +0530 Subject: [PATCH 10/10] wa --- backend/internal/middleware/cors/cors.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/backend/internal/middleware/cors/cors.go b/backend/internal/middleware/cors/cors.go index 7c5481e..60f10f8 100644 --- a/backend/internal/middleware/cors/cors.go +++ b/backend/internal/middleware/cors/cors.go @@ -11,9 +11,9 @@ import ( func CORS(next http.Handler) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - //origin := r.Header.Get("Origin") + origin := r.Header.Get("Origin") - w.Header().Set("Access-Control-Allow-Origin", "*") + w.Header().Set("Access-Control-Allow-Origin", origin) w.Header().Set("Access-Control-Allow-Credentials", "true") w.Header().Set("Access-Control-Allow-Headers", "Authorization, Content-Type")