From e0f6dabd9f88a45f7f37504c01a4f5a75094eb25 Mon Sep 17 00:00:00 2001
From: Catherine <whitequark@whitequark.org>
Date: Tue, 16 Sep 2025 17:12:45 +0000
Subject: [PATCH] Set `Access-Control-Allow-Origin` for HTTP error responses as
 well.

---
 src/pages.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/pages.go b/src/pages.go
index 4334b42..a070461 100644
--- a/src/pages.go
+++ b/src/pages.go
@@ -76,6 +76,10 @@ func getPage(w http.ResponseWriter, r *http.Request) error {
 		}
 	}
 
+	// allow JavaScript code to access responses (including errors) even across origins
+	w.Header().Set("Access-Control-Allow-Origin", "*")
+	w.Header().Set("Access-Control-Max-Age", "86400")
+
 	// decide on the HTTP status
 	if err != nil {
 		if errors.Is(err, os.ErrNotExist) {
@@ -90,10 +94,6 @@ func getPage(w http.ResponseWriter, r *http.Request) error {
 		// serve custom 404 page (if any)
 		io.Copy(w, reader)
 	} else {
-		// allow JavaScript code to download files even across origins
-		w.Header().Set("Access-Control-Allow-Origin", "*")
-		w.Header().Set("Access-Control-Max-Age", "86400")
-
 		// allow the use of multi-threading in WebAssembly
 		w.Header().Set("Cross-Origin-Embedder-Policy", "credentialless")
 		w.Header().Set("Cross-Origin-Opener-Policy", "same-origin")