GET to /authorize and POST /token does not have CORS headers

**Describe the bug**

Anything not under /api (such as /authorize and /token) don't have CORS headers.

**On which Mbin instance did you find the bug?**
fedia.io

**Which Mbin version was running on the instance?**
1.8.2

**To Reproduce**
Steps to reproduce the behavior:

Do the authorize flow. on a POST to /token, observe CORS headers are not set.

CORS headers are necessary for 3rd party webapps.

**Expected behavior**

CORS on /token and /authorize

**Screenshots**

<img width="475" height="349" alt="Image" src="https://github.com/user-attachments/assets/111d8906-e873-4b2a-999d-53966401c1ae" />

**Desktop (please complete the following information):**
 - OS: [e.g. iOS]
 - Browser: [e.g. chrome, safari]
 - Browser Version: [e.g. 123]

**Smartphone (please complete the following information):**
 - Device: [e.g. iPhone6]
 - OS: [e.g. iOS8.1]
 - Browser: [e.g. stock browser, safari]
 - Browser Version: [e.g. 123]

**Additional context**
Add any other context about the problem here.


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

GET to /authorize and POST /token does not have CORS headers #1675

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

GET to /authorize and POST /token does not have CORS headers #1675

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions