From 2a40732338d975786c8357ce8371e7ca008b167d Mon Sep 17 00:00:00 2001
From: scoobycoder <scoobycoder@gmail.com>
Date: Sun, 26 Apr 2026 19:47:54 +0000
Subject: [PATCH] fix: add CORS headers to mock API server

All API routes were missing CORS headers, causing cross-origin requests from
the frontend to fail when running on a different origin during development.
Added Access-Control-Allow-Origin, Allow-Headers, Allow-Methods headers and
OPTIONS preflight handling.

Co-Authored-By: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
---
 api/mock-server.js | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)

diff --git a/api/mock-server.js b/api/mock-server.js
index 03d743e..b48b806 100644
--- a/api/mock-server.js
+++ b/api/mock-server.js
@@ -10,14 +10,13 @@ const express = require("express");
 const app = express();
 app.use(express.json());
 
-// BUG: Missing CORS headers on all routes.
-// Cross-origin requests from the frontend (different origin in dev) will fail.
-// A correct implementation would include:
-//   app.use((req, res, next) => {
-//     res.header("Access-Control-Allow-Origin", "*");
-//     res.header("Access-Control-Allow-Headers", "Content-Type");
-//     next();
-//   });
+app.use((req, res, next) => {
+  res.header("Access-Control-Allow-Origin", "*");
+  res.header("Access-Control-Allow-Headers", "Content-Type");
+  res.header("Access-Control-Allow-Methods", "GET, POST, OPTIONS");
+  if (req.method === "OPTIONS") return res.sendStatus(204);
+  next();
+});
 
 // GET /api/products
 // Returns all products. Works correctly.