fix: accept clientURL param in CORS middleware, remove hardcoded origin

railway-app[bot] · web-flow · commit 9fba37ac0c94 · 2026-04-06T13:12:10.000Z
diff --git a/backend/internal/middleware/cors/cors.go b/backend/internal/middleware/cors/cors.go
@@ -5,11 +5,10 @@ import
 
 )
 
-func CORS(next http.Handler) http.Handler {
+func CORS(next http.Handler, clientURL string) http.Handler {
 
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-			url:="https://scintillating-commitment-production-2429.up.railway.app/"
-		w.Header().Set("Access-Control-Allow-Origin", url)
+		w.Header().Set("Access-Control-Allow-Origin", clientURL)
 
 		w.Header().Set("Access-Control-Allow-Credentials", "true")
 

Original file line number	Diff line number	Diff line change
`@@ -5,11 +5,10 @@ import`
`5`	`5`
`6`	`6`	`)`
`7`	`7`
`8`		`-func CORS(next http.Handler) http.Handler {`
	`8`	`+func CORS(next http.Handler, clientURL string) http.Handler {`
`9`	`9`
`10`	`10`	`return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
`11`		`- url:="https://scintillating-commitment-production-2429.up.railway.app/"`
`12`		`- w.Header().Set("Access-Control-Allow-Origin", url)`
	`11`	`+ w.Header().Set("Access-Control-Allow-Origin", clientURL)`
`13`	`12`
`14`	`13`	`w.Header().Set("Access-Control-Allow-Credentials", "true")`
`15`	`14`