From cd0c0b21b4fd613b4c967d193141f0d853ca10f0 Mon Sep 17 00:00:00 2001
From: HaimKortovich <haimkortovich88@gmail.com>
Date: Wed, 13 May 2026 17:57:24 -0500
Subject: [PATCH] add corsplug

---
 config/runtime.exs                 | 16 +---------------
 lib/policy_service_web/endpoint.ex |  4 ++--
 2 files changed, 3 insertions(+), 17 deletions(-)

diff --git a/config/runtime.exs b/config/runtime.exs
index 68cec1b..4d26464 100644
--- a/config/runtime.exs
+++ b/config/runtime.exs
@@ -39,21 +39,7 @@ cors_origin = System.get_env("CORS_ORIGIN", "*")
 
 config :cors_plug,
   origin: cors_origin,
-  headers: [
-    "Authorization",
-    "x-organization-id",
-    "Content-Type",
-    "Accept",
-    "Origin",
-    "User-Agent",
-    "DNT",
-    "Cache-Control",
-    "X-Mx-ReqToken",
-    "Keep-Alive",
-    "X-Requested-With",
-    "If-Modified-Since",
-    "X-CSRF-Token"
-  ]
+  allow_headers: ["*"]
 
 # Zitadel Configuration
 
diff --git a/lib/policy_service_web/endpoint.ex b/lib/policy_service_web/endpoint.ex
index f9ca4a1..027d793 100644
--- a/lib/policy_service_web/endpoint.ex
+++ b/lib/policy_service_web/endpoint.ex
@@ -25,8 +25,7 @@ defmodule PolicyServiceWeb.Endpoint do
     from: :policy_service,
     gzip: not code_reloading?,
     only: PolicyServiceWeb.static_paths(),
-    raise_on_missing_only: code_reloading?,
-    headers: %{"Access-Control-Allow-Origin" => "*"}
+    raise_on_missing_only: code_reloading?
 
   # Code reloading can be explicitly enabled under the
   # :code_reloader configuration of your endpoint.
@@ -43,6 +42,7 @@ defmodule PolicyServiceWeb.Endpoint do
     pass: ["*/*"],
     json_decoder: Phoenix.json_library()
 
+  plug CORSPlug
   plug Plug.MethodOverride
   plug Plug.Head
   plug Plug.Session, @session_options