From 29c9f0139ef6d4473e3879010e4842005c8fd27e Mon Sep 17 00:00:00 2001
From: Paulo Reyes <aijin02@gmail.com>
Date: Tue, 10 Feb 2026 22:16:37 +0800
Subject: [PATCH] CORS troubleshooting

---
 Caddyfile       | 9 ++++++---
 app/api/deps.py | 7 +++++++
 2 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/Caddyfile b/Caddyfile
index aaa1969..4854b6f 100644
--- a/Caddyfile
+++ b/Caddyfile
@@ -1,13 +1,16 @@
 ai-gateway.ldex.dev {
-    # 1. Force CORS headers for every request
+    # 1. Force CORS headers and DELETE duplicates from backend
     header {
+        -Access-Control-Allow-Origin
+        -Access-Control-Allow-Methods
+        -Access-Control-Allow-Headers
         Access-Control-Allow-Origin *
         Access-Control-Allow-Methods "GET, POST, OPTIONS"
         Access-Control-Allow-Headers "*"
         Access-Control-Expose-Headers "*"
     }
 
-    # 2. Immediately handle OPTIONS requests (the preflight)
+    # 2. Immediately handle OPTIONS requests
     @options {
         method OPTIONS
     }
@@ -15,6 +18,6 @@ ai-gateway.ldex.dev {
         respond "" 204
     }
 
-    # 3. Proxy everything else to the app
+    # 3. Proxy everything else
     reverse_proxy ai-gateway:8000
 }
diff --git a/app/api/deps.py b/app/api/deps.py
index 7d2382b..fd1eb6b 100644
--- a/app/api/deps.py
+++ b/app/api/deps.py
@@ -20,6 +20,13 @@ async def get_api_key(
     # Use header if provided, otherwise fallback to query param
     api_key = api_key_h or api_key_q
 
+    # DEBUG LOGGING FOR 403 TROUBLESHOOTING
+    print(f"DEBUG: Auth Check - Header: {'Yes' if api_key_h else 'No'}, Query: {'Yes' if api_key_q else 'No'}")
+    if api_key:
+        print(f"DEBUG: API Key received (prefix): {api_key[:5]}...")
+    else:
+        print("DEBUG: API Key is MISSING from both header and query params")
+
     if not api_key:
         raise HTTPException(
             status_code=status.HTTP_403_FORBIDDEN,