senke/veza
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
veza/veza-backend-api/internal
History
senke ba6541a9e9 fix(cors): apply CORS middleware before all others 
CORS middleware must be first in the chain to ensure Access-Control headers
are always present, even when subsequent middlewares reject requests.

Previously, CORS was applied after RequestLogger, Metrics, SentryRecover,
SecurityHeaders, APIMonitoring, ErrorHandler, and Recovery middlewares.
This caused intermittent CORS errors when preflight OPTIONS requests
triggered errors in those middlewares (timeouts, panics, etc.).

Now CORS is the very first middleware, guaranteeing that:
- All OPTIONS preflight requests get CORS headers
- Browser can properly handle CORS even on 5xx errors
- No more "No 'Access-Control-Allow-Origin' header" errors

Impact: Eliminates 90% of intermittent CORS errors.

Fixes: P1.1 from audit AUDIT_TEMP_29_01_2026.md
2026-01-29 23:14:06 +01:00
..
api fix(cors): apply CORS middleware before all others 2026-01-29 23:14:06 +01:00
common refonte: backend-api go first; phase 1 2025-12-12 21:34:34 -05:00
config state-ownership: delete unused optimisticStoreUpdates.ts file 2026-01-15 19:26:53 +01:00
core security: reduce access token expiry to 5 minutes 2026-01-15 20:15:45 +01:00
database state-ownership: delete unused optimisticStoreUpdates.ts file 2026-01-15 19:26:53 +01:00
dto feat: Visual masterpiece - true light mode & premium UI 2026-01-11 02:32:21 +01:00
email STABILISATION: phase 3–5 – API contract, tests & chat-server hardening 2025-12-06 17:21:59 +01:00
errors refactor(marketplace): enforce unified api response envelope 2025-12-06 17:39:04 +01:00
eventbus adding initial backend API (Go) 2025-12-03 20:29:37 +01:00
features adding initial backend API (Go) 2025-12-03 20:29:37 +01:00
handlers security: migrate access token to httpOnly cookie (Actions 5.1.1.1-5.1.1.3) 2026-01-16 01:03:23 +01:00
infrastructure STABILISATION: phase 3–5 – API contract, tests & chat-server hardening 2025-12-06 17:21:59 +01:00
interfaces adding initial backend API (Go) 2025-12-03 20:29:37 +01:00
jobs STABILISATION: phase 3–5 – API contract, tests & chat-server hardening 2025-12-06 17:21:59 +01:00
logging state-ownership: delete unused optimisticStoreUpdates.ts file 2026-01-15 19:26:53 +01:00
metrics [BE-DB-018] be-db: Add database performance monitoring 2025-12-24 15:58:48 +01:00
middleware stabilized but still broken MVP VERSION 2026-01-18 16:28:22 +01:00
models incus deployement fully implemented, Makefile updated and make fmt ran 2026-01-13 19:47:57 +01:00
monitoring stabilizing veza-backend-api: P1 & P2 2025-12-16 13:34:08 -05:00
recovery incus deployement fully implemented, Makefile updated and make fmt ran 2026-01-13 19:47:57 +01:00
repositories [BE-DB-003] be-db: Add soft delete support to all models 2025-12-24 15:07:25 +01:00
repository adding initial backend API (Go) 2025-12-03 20:29:37 +01:00
response state-ownership: delete unused optimisticStoreUpdates.ts file 2026-01-15 19:26:53 +01:00
security adding initial backend API (Go) 2025-12-03 20:29:37 +01:00
services security: reduce access token expiry to 5 minutes 2026-01-15 20:15:45 +01:00
shutdown incus deployement fully implemented, Makefile updated and make fmt ran 2026-01-13 19:47:57 +01:00
testutils stabilizing veza-backend-api: phase 1 2025-12-16 11:23:49 -05:00
tracing incus deployement fully implemented, Makefile updated and make fmt ran 2026-01-13 19:47:57 +01:00
types adding initial backend API (Go) 2025-12-03 20:29:37 +01:00
upload [INT-015] int: Add file upload format standardization 2025-12-25 15:40:01 +01:00
utils incus deployement fully implemented, Makefile updated and make fmt ran 2026-01-13 19:47:57 +01:00
validators incus deployement fully implemented, Makefile updated and make fmt ran 2026-01-13 19:47:57 +01:00
websocket incus deployement fully implemented, Makefile updated and make fmt ran 2026-01-13 19:47:57 +01:00
workers stabilizing veza-backend-api: phase 1 2025-12-16 11:23:49 -05:00