updated CORS config

.env.example

@@ -9,9 +9,7 @@ VAPID_SUBJECT=mailto:mailto:user@example.org
 # --- Server Configuration ---
 # Internal port for the Node.js app
 PORT=3000
-# Path inside the container
 SUBSCRIPTIONS_FILE=/app/subscriptions.json 
-# Default button name to use when not specified
 DEFAULT_BUTTON_NAME=game-button
 
 # --- Authentication (Optional) ---
@@ -26,9 +24,9 @@ BASIC_AUTH_PASSWORD=password
 # Comma-separated list of allowed origins for requests (e.g., your PWA frontend URL)
 # If blank or not set, CORS might block browser requests (like from a setup page).
 # Use '*' carefully, preferably list specific domains.
-ALLOWED_ORIGINS=https://game-timer.virtonline.eu
-ALLOWED_METHODS=POST,GET,OPTIONS
-ALLOWED_HEADERS=Content-Type,Authorization
+ALLOWED_ORIGINS=https://game-timer.virtonline.eu,http://localhost
+ALLOWED_METHODS=POST,GET
+ALLOWED_HEADERS=Content-Type,Authorization,button-name,button-battery-level,timestamp
 
 # --- Web Push Retry Configuration (Optional) ---
 # Number of retries on failure (e.g., DNS issues)

labels.example

@@ -17,9 +17,9 @@ traefik.http.routers.flic-webhook-webpush.service=flic-webhook-webpush
 traefik.http.services.flic-webhook-webpush.loadbalancer.server.port=3000
 
 # Middleware CORS
-traefik.http.middlewares.cors-headers.headers.accesscontrolallowmethods=POST,GET,OPTIONS
+traefik.http.middlewares.cors-headers.headers.accesscontrolallowmethods=POST,GET
 traefik.http.middlewares.cors-headers.headers.accesscontrolalloworiginlist=https://game-timer.virtonline.eu
-traefik.http.middlewares.cors-headers.headers.accesscontrolallowheaders=Content-Type,Authorization
+traefik.http.middlewares.cors-headers.headers.accesscontrolallowheaders=Content-Type,Authorization,button-name,button-battery-level,timestamp
 traefik.http.middlewares.cors-headers.headers.accesscontrolallowcredentials=true
 traefik.http.middlewares.cors-headers.headers.accesscontrolmaxage=600
 traefik.http.middlewares.cors-headers.headers.addvaryheader=true