CORS troubleshooting

Caddyfile

@@ -1,13 +1,16 @@
 ai-gateway.ldex.dev {
-    # 1. Force CORS headers for every request
+    # 1. Force CORS headers and DELETE duplicates from backend
     header {
+        -Access-Control-Allow-Origin
+        -Access-Control-Allow-Methods
+        -Access-Control-Allow-Headers
         Access-Control-Allow-Origin *
         Access-Control-Allow-Methods "GET, POST, OPTIONS"
         Access-Control-Allow-Headers "*"
         Access-Control-Expose-Headers "*"
     }
 
-    # 2. Immediately handle OPTIONS requests (the preflight)
+    # 2. Immediately handle OPTIONS requests
     @options {
         method OPTIONS
     }
@@ -15,6 +18,6 @@ ai-gateway.ldex.dev {
         respond "" 204
     }
 
-    # 3. Proxy everything else to the app
+    # 3. Proxy everything else
     reverse_proxy ai-gateway:8000
 }

app/api/deps.py

@@ -20,6 +20,13 @@ async def get_api_key(
     # Use header if provided, otherwise fallback to query param
     api_key = api_key_h or api_key_q
 
+    # DEBUG LOGGING FOR 403 TROUBLESHOOTING
+    print(f"DEBUG: Auth Check - Header: {'Yes' if api_key_h else 'No'}, Query: {'Yes' if api_key_q else 'No'}")
+    if api_key:
+        print(f"DEBUG: API Key received (prefix): {api_key[:5]}...")
+    else:
+        print("DEBUG: API Key is MISSING from both header and query params")
+
     if not api_key:
         raise HTTPException(
             status_code=status.HTTP_403_FORBIDDEN,