From 5196cb98111378bb03bdd4fc2dd9b7ca07c1ec7c Mon Sep 17 00:00:00 2001
From: Daniel Nagel <office@danielnagel.at>
Date: Sat, 20 Sep 2025 22:44:02 +0200
Subject: [PATCH] cors

---
 gateway.cjs | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/gateway.cjs b/gateway.cjs
index c32a3e0..c6fd61c 100644
--- a/gateway.cjs
+++ b/gateway.cjs
@@ -5,8 +5,26 @@ const redis   = new Redis({ host: process.env.REDIS_HOST || "data_jobs",
                             port: Number(process.env.REDIS_PORT || 6379) });
 const JOBS    = process.env.JOB_QUEUE    || "grist:jobs";
 const RESULTS = process.env.RESULT_QUEUE || "grist:results";
+const ALLOW_ORIGIN = process.env.ALLOW_ORIGIN || "https://map.arenos.danielnagel.at";
 
 http.createServer(async (req, res) => {
+
+  // ---- CORS Header immer mitsenden ----
+  res.setHeader("Access-Control-Allow-Origin", ALLOW_ORIGIN);
+  res.setHeader("Vary", "Origin");
+
+  // Preflight (OPTIONS) beantworten
+  if (req.method === "OPTIONS") {
+    res.setHeader("Access-Control-Allow-Methods", "GET, POST, OPTIONS");
+    res.setHeader("Access-Control-Allow-Headers", "Content-Type, Authorization");
+    // wenn du Auth/Cookies brauchst:
+    // res.setHeader("Access-Control-Allow-Credentials", "true");
+    res.statusCode = 204;
+    return res.end();
+  }
+  // -------------------------------------
+
+
   if (req.method === "POST" && req.url === "/api/job") {
     const stream = await readJsonBody(req);                  // JSON Stream vom Client. mit readJsonBody() wieder zurück in JSON.
     await redis.lpush(JOBS, JSON.stringify(stream));         // Job in Queue. Als String in Redis eintragen. Der Worker nimmt dann den String.