From ffe5152aa5e1b7d8ec23e802b0ac45f15afa2b0d Mon Sep 17 00:00:00 2001
From: Buffden <buffdenslays@gmail.com>
Date: Wed, 8 Apr 2026 11:37:53 -0500
Subject: [PATCH] applying cors header to the 429 error code upon rate limiting
 in ngxin prod

---
 infra/nginx/nginx.prod.conf | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/infra/nginx/nginx.prod.conf b/infra/nginx/nginx.prod.conf
index a02e10a..6c05a26 100644
--- a/infra/nginx/nginx.prod.conf
+++ b/infra/nginx/nginx.prod.conf
@@ -302,6 +302,8 @@ http {
         # API clients expect JSON — an HTML response breaks their parsing.
         # -------------------------------------------------------------------
         location @rate_limit_error {
+            add_header 'Access-Control-Allow-Origin' '*' always;
+            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
             default_type application/json;
             return 429 '{"status":429,"error":"Too Many Requests","message":"Rate limit exceeded. Please try again later."}';
         }