From 3d199b660ca5bf8df4a9962a5e9122b1bbcf82eb Mon Sep 17 00:00:00 2001
From: Catherine <whitequark@whitequark.org>
Date: Tue, 16 Sep 2025 15:04:34 +0000
Subject: [PATCH] Add `Access-Control-Allow-Origin: *` header to GET responses.

---
 src/pages.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/pages.go b/src/pages.go
index 362e7a8..7a49517 100644
--- a/src/pages.go
+++ b/src/pages.go
@@ -79,6 +79,10 @@ func getPage(w http.ResponseWriter, r *http.Request) error {
 		// serve custom 404 page (if any)
 		io.Copy(w, reader)
 	} else {
+		// allow JavaScript code to download files even across origins
+		w.Header().Set("Access-Control-Allow-Origin", "*")
+		w.Header().Set("Access-Control-Max-Age", "86400")
+
 		// always check whether content has changed with the origin server; it is cheap to handle
 		// ETag or If-Modified-Since queries and it avoids stale content being served
 		w.Header().Set("Cache-Control", "public, max-age=0, must-revalidate")