From bbda43e4a0b9a70ed305611ef7d54deab0f7132d Mon Sep 17 00:00:00 2001
From: Harkamal Randhawa <harkamalsr@gmail.com>
Date: Wed, 15 Apr 2026 07:37:43 -0600
Subject: [PATCH] fix proxy origin header and cors allowed origins config

---
 backend/src/main/resources/application.yml | 1 +
 web/app/api/[...path]/route.js             | 1 +
 2 files changed, 2 insertions(+)

diff --git a/backend/src/main/resources/application.yml b/backend/src/main/resources/application.yml
index c054ea4e..016775af 100644
--- a/backend/src/main/resources/application.yml
+++ b/backend/src/main/resources/application.yml
@@ -53,6 +53,7 @@ app:
   upload:
     base-dir: ${UPLOAD_BASE_DIR:uploads}
   frontend-url: ${FRONTEND_URL:http://localhost:3000}
+  allowed-origins: ${ALLOWED_ORIGINS:http://localhost:3000,http://localhost:3001,http://127.0.0.1:3000}
 
 azure:
   storage:
diff --git a/web/app/api/[...path]/route.js b/web/app/api/[...path]/route.js
index ecfb4241..3dedbb30 100644
--- a/web/app/api/[...path]/route.js
+++ b/web/app/api/[...path]/route.js
@@ -7,6 +7,7 @@ async function proxy(request, { params }) {
 
   const headers = new Headers(request.headers)
   headers.delete('host')
+  headers.delete('origin')
 
   const init = { method: request.method, headers }
   if (!['GET', 'HEAD'].includes(request.method)) {