From d5679c05e834e7e4b22a2f7d8bc82123cf379748 Mon Sep 17 00:00:00 2001
From: Nurfog <juan.allende@gmail.com>
Date: Mon, 23 Mar 2026 13:07:37 -0300
Subject: [PATCH] fix: CORS headers for video/audio assets streaming

- Added HEAD method to CORS allowed methods
- Added Range header support for video streaming
- Exposed Content-Range and Accept-Ranges headers
- Required for proper video playback from Experience (port 3003) to CMS (port 3001)

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
---
 services/cms-service/src/main.rs | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/services/cms-service/src/main.rs b/services/cms-service/src/main.rs
index d2ec490..cc292f6 100644
--- a/services/cms-service/src/main.rs
+++ b/services/cms-service/src/main.rs
@@ -108,14 +108,15 @@ async fn main() {
             // Allow any origin for development (remove in production)
             "http://192.168.0.254".parse::<http::HeaderValue>().unwrap(),
         ])
-        .allow_methods([Method::GET, Method::POST, Method::PUT, Method::DELETE, Method::OPTIONS, Method::PATCH])
+        .allow_methods([Method::GET, Method::POST, Method::PUT, Method::DELETE, Method::OPTIONS, Method::PATCH, Method::HEAD])
         .allow_headers([
             header::CONTENT_TYPE,
             header::AUTHORIZATION,
             header::HeaderName::from_static("x-requested-with"),
             header::HeaderName::from_static("x-organization-id"),
+            header::RANGE,
         ])
-        .expose_headers([header::CONTENT_LENGTH, header::CONTENT_TYPE]);
+        .expose_headers([header::CONTENT_LENGTH, header::CONTENT_TYPE, header::CONTENT_RANGE, header::ACCEPT_RANGES]);
 
     // Rate limiting: Deshabilitado temporalmente por problemas de compatibilidad con tower-governor
     // Para habilitar en producción, configurar con GovernorLayer y ajustar los límites apropiadamente