From 81e11c155e553b255040ceed834e9fbc57e28aed Mon Sep 17 00:00:00 2001
From: cpu <cpu@virtonline.eu>
Date: Sun, 30 Mar 2025 21:15:27 +0200
Subject: [PATCH] updated CORS config

---
 .env.example   | 8 +++-----
 labels.example | 4 ++--
 2 files changed, 5 insertions(+), 7 deletions(-)

diff --git a/.env.example b/.env.example
index 625f725..b618dbe 100644
--- a/.env.example
+++ b/.env.example
@@ -9,9 +9,7 @@ VAPID_SUBJECT=mailto:mailto:user@example.org
 # --- Server Configuration ---
 # Internal port for the Node.js app
 PORT=3000
-# Path inside the container
 SUBSCRIPTIONS_FILE=/app/subscriptions.json 
-# Default button name to use when not specified
 DEFAULT_BUTTON_NAME=game-button
 
 # --- Authentication (Optional) ---
@@ -26,9 +24,9 @@ BASIC_AUTH_PASSWORD=password
 # Comma-separated list of allowed origins for requests (e.g., your PWA frontend URL)
 # If blank or not set, CORS might block browser requests (like from a setup page).
 # Use '*' carefully, preferably list specific domains.
-ALLOWED_ORIGINS=https://game-timer.virtonline.eu
-ALLOWED_METHODS=POST,GET,OPTIONS
-ALLOWED_HEADERS=Content-Type,Authorization
+ALLOWED_ORIGINS=https://game-timer.virtonline.eu,http://localhost
+ALLOWED_METHODS=POST,GET
+ALLOWED_HEADERS=Content-Type,Authorization,button-name,button-battery-level,timestamp
 
 # --- Web Push Retry Configuration (Optional) ---
 # Number of retries on failure (e.g., DNS issues)
diff --git a/labels.example b/labels.example
index 355f0f0..b01410c 100644
--- a/labels.example
+++ b/labels.example
@@ -17,9 +17,9 @@ traefik.http.routers.flic-webhook-webpush.service=flic-webhook-webpush
 traefik.http.services.flic-webhook-webpush.loadbalancer.server.port=3000
 
 # Middleware CORS
-traefik.http.middlewares.cors-headers.headers.accesscontrolallowmethods=POST,GET,OPTIONS
+traefik.http.middlewares.cors-headers.headers.accesscontrolallowmethods=POST,GET
 traefik.http.middlewares.cors-headers.headers.accesscontrolalloworiginlist=https://game-timer.virtonline.eu
-traefik.http.middlewares.cors-headers.headers.accesscontrolallowheaders=Content-Type,Authorization
+traefik.http.middlewares.cors-headers.headers.accesscontrolallowheaders=Content-Type,Authorization,button-name,button-battery-level,timestamp
 traefik.http.middlewares.cors-headers.headers.accesscontrolallowcredentials=true
 traefik.http.middlewares.cors-headers.headers.accesscontrolmaxage=600
 traefik.http.middlewares.cors-headers.headers.addvaryheader=true