From 1cd3e0cbff2a53b6ec9c14301ce395a9c9503ca7 Mon Sep 17 00:00:00 2001
From: Christian Jonard Narrido Balais
 <77435164+ceejay06s@users.noreply.github.com>
Date: Wed, 11 Feb 2026 10:08:04 +0800
Subject: [PATCH] fix(cors): update allowed origins and methods for local
 development

---
 src/config/cors.ts | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/config/cors.ts b/src/config/cors.ts
index 6d6e138c..9a89066f 100644
--- a/src/config/cors.ts
+++ b/src/config/cors.ts
@@ -5,13 +5,13 @@ config();
 
 const allowedOrigins = process.env.ANIWATCH_API_CORS_ALLOWED_ORIGINS
   ? process.env.ANIWATCH_API_CORS_ALLOWED_ORIGINS.split(",")
-  : ["http://localhost:4000", "*"];
+  : ["http://localhost:4000", "http://localhost:8081", "http://localhost:19006", "*"];
 
 const corsConfig = cors({
-  allowMethods: ["GET"],
+  allowMethods: ["GET", "OPTIONS"],
   maxAge: 600,
-  credentials: true,
-  origin: allowedOrigins,
+  credentials: false, // Set to false to allow * origin
+  origin: "*", // Allow all origins for local development
 });
 
 export default corsConfig;