From ca827db53e9b49832f96caa945b13abb953e9ebf Mon Sep 17 00:00:00 2001
From: LORDBABUINO <lordbabuino@protonmail.com>
Date: Mon, 11 May 2026 20:18:31 -0300
Subject: [PATCH] feat(api): add permissive CORS layer

Browser-based frontends need CORS to call the API. Apply
tower_http::cors::CorsLayer::permissive() at the router level so
the frontend (and other origins during development) can reach the
scan endpoint.
---
 api/Cargo.toml | 1 +
 api/src/lib.rs | 2 ++
 2 files changed, 3 insertions(+)

diff --git a/api/Cargo.toml b/api/Cargo.toml
index d5895ba..4492e30 100644
--- a/api/Cargo.toml
+++ b/api/Cargo.toml
@@ -19,6 +19,7 @@ stealth-bitcoincore = { path = "../bitcoincore" }
 stealth-engine = { workspace = true }
 thiserror = { workspace = true }
 tokio = { workspace = true }
+tower-http = { version = "0.6.6", features = ["cors"] }
 tracing = { workspace = true }
 tracing-subscriber = { workspace = true }
 
diff --git a/api/src/lib.rs b/api/src/lib.rs
index 6c91b0f..efab047 100644
--- a/api/src/lib.rs
+++ b/api/src/lib.rs
@@ -6,6 +6,7 @@ use std::sync::Arc;
 
 use axum::Router;
 use stealth_engine::gateway::BlockchainGateway;
+use tower_http::cors::CorsLayer;
 
 /// Shared application state: an optional blockchain gateway.
 pub type GatewayState = Option<Arc<dyn BlockchainGateway + Send + Sync>>;
@@ -19,5 +20,6 @@ pub fn app() -> Router {
 pub fn app_with_gateway(gateway: GatewayState) -> Router {
     Router::new()
         .nest("/api/wallet", routes::wallet::router())
+        .layer(CorsLayer::permissive())
         .with_state(gateway)
 }