allow options as well

apps/web/next.config.mjs

@@ -19,23 +19,6 @@ const config = {
     locales: ['en'],
     defaultLocale: 'en',
   },
-  async headers() {
-    return [
-      {
-        source: '/api/sdk/:path*',
-        headers: [
-          { key: 'Access-Control-Allow-Credentials', value: 'true' },
-          { key: 'Access-Control-Allow-Origin', value: '*' },
-          { key: 'Access-Control-Allow-Methods', value: 'POST,PUT' },
-          // {
-          //   key: 'Access-Control-Allow-Headers',
-          //   value:
-          //     'X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version',
-          // },
-        ],
-      },
-    ];
-  },
 };
 
 export default config;

apps/web/src/_middleware.ts

@@ -1,3 +0,0 @@
-export { default } from 'next-auth/middleware';
-
-export const config = { matcher: ['/dashboard'] };

apps/web/src/middleware.ts

@@ -0,0 +1,24 @@
+import type { NextRequest } from 'next/server';
+import { NextResponse } from 'next/server';
+
+export const config = { matcher: ['/api/sdk/:path*'] };
+
+export const cors = {
+  'Access-Control-Allow-Origin': '*',
+  'Access-Control-Allow-Methods': 'POST, PUT, OPTIONS',
+  'Access-Control-Allow-Headers':
+    'Content-Type, Authorization, Mixan-Client-Id, Mixan-Client-Secret',
+};
+
+export function middleware(request: NextRequest) {
+  const response = NextResponse.next();
+
+  if (request.method === 'OPTIONS') {
+    return NextResponse.json({}, { headers: cors });
+  }
+
+  Object.entries(cors).forEach(([key, value]) => {
+    response.headers.append(key, value);
+  });
+  return response;
+}

apps/web/src/pages/api/sdk/events.ts

@@ -10,6 +10,10 @@ interface Request extends NextApiRequest {
 }
 
 export default async function handler(req: Request, res: NextApiResponse) {
+  if (req.method == 'OPTIONS') {
+    return res.status(202).json({});
+  }
+
   if (req.method !== 'POST') {
     return handleError(res, createError(405, 'Method not allowed'));
   }

apps/web/src/pages/api/sdk/profiles/[profileId]/decrement.ts

@@ -10,6 +10,10 @@ interface Request extends NextApiRequest {
 }
 
 export default async function handler(req: Request, res: NextApiResponse) {
+  if (req.method == 'OPTIONS') {
+    return res.status(202).json({});
+  }
+
   if (req.method !== 'PUT') {
     return handleError(res, createError(405, 'Method not allowed'));
   }

apps/web/src/pages/api/sdk/profiles/[profileId]/increment.ts

@@ -10,6 +10,10 @@ interface Request extends NextApiRequest {
 }
 
 export default async function handler(req: Request, res: NextApiResponse) {
+  if (req.method == 'OPTIONS') {
+    return res.status(202).json({});
+  }
+
   if (req.method !== 'PUT') {
     return handleError(res, createError(405, 'Method not allowed'));
   }

apps/web/src/pages/api/sdk/profiles/[profileId]/index.ts

@@ -11,6 +11,10 @@ interface Request extends NextApiRequest {
 }
 
 export default async function handler(req: Request, res: NextApiResponse) {
+  if (req.method == 'OPTIONS') {
+    return res.status(202).json({});
+  }
+
   if (req.method !== 'PUT' && req.method !== 'POST') {
     return handleError(res, createError(405, 'Method not allowed'));
   }

apps/web/src/pages/api/sdk/profiles/index.ts

@@ -12,6 +12,10 @@ interface Request extends NextApiRequest {
 }
 
 export default async function handler(req: Request, res: NextApiResponse) {
+  if (req.method == 'OPTIONS') {
+    return res.status(202).json({});
+  }
+
   if (req.method !== 'POST') {
     return handleError(res, createError(405, 'Method not allowed'));
   }