Allow requests from localhost

Caddyfile

beeos-dev-api.lumoscodes.dev {

    # --- CORS preflight (OPTIONS) ---
    @preflight {
        method OPTIONS
        header Origin *
        header Access-Control-Request-Method *
        # optionally restrict it:
        # path /api/*
    }

    handle @preflight {
        # CORS headers for preflight
        header {
            Access-Control-Allow-Origin http://localhost:3000
            Access-Control-Allow-Credentials true
            Access-Control-Allow-Methods "GET, POST, PUT, PATCH, DELETE, OPTIONS"
            Access-Control-Allow-Headers *
            Access-Control-Max-Age 86400
        }
        respond 204
    }

    # --- logs UI ---
    handle_path /logs* {
        reverse_proxy dozzle:8080
    }

    # --- main API ---
    handle {
        # common headers for “real” responses
        header {
            Referrer-Policy unsafe-url
            Access-Control-Allow-Origin http://localhost:3000
            Access-Control-Allow-Credentials true
            Access-Control-Allow-Methods "GET, POST, PUT, PATCH, DELETE, OPTIONS"
            Access-Control-Allow-Headers *
            defer
        }

        reverse_proxy api:8080 {
            # strip any CORS headers from upstream so Caddy’s are authoritative
            header_down -Access-Control-Allow-Origin
            header_down -Referrer-Policy
        }
    }
}