From 4c6ca65b441d972fe1ff6dc97d5fbb18080594e4 Mon Sep 17 00:00:00 2001
From: Rory& <root@rory.gay>
Date: Sun, 15 Mar 2026 15:52:50 +0100
Subject: [PATCH] CORS: change max age from 5s to 60s

---
 src/api/middlewares/CORS.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/api/middlewares/CORS.ts b/src/api/middlewares/CORS.ts
index 231862504..7e2a38733 100644
--- a/src/api/middlewares/CORS.ts
+++ b/src/api/middlewares/CORS.ts
@@ -25,7 +25,7 @@ export function CORS(req: Request, res: Response, next: NextFunction) {
     res.set("Access-Control-Allow-Headers", req.header("Access-Control-Request-Headers") || "*");
     res.set("Access-Control-Allow-Methods", req.header("Access-Control-Request-Method") || "*");
     res.set("Access-Control-Allow-Origin", req.header("Origin") ?? "*");
-    res.set("Access-Control-Max-Age", "5"); // dont make it too long so we can change it dynamically
+    res.set("Access-Control-Max-Age", "60"); // dont make it too long so we can change it dynamically
     // TODO: use better CSP
     res.set(
         "Content-security-policy",