MeshJS · QSchlegel · Sep 22, 2025 · Sep 22, 2025
diff --git a/src/lib/cors.ts b/src/lib/cors.ts
@@ -1,5 +1,6 @@
 import Cors from "cors";
 import initMiddleware from "./init-middleware";
+import type { NextApiResponse } from "next";
 
 const rawOrigins = process.env.CORS_ORIGINS || "";
 const allowedOrigins =
@@ -10,6 +11,8 @@ export const cors = initMiddleware(
     methods: ["GET", "POST", "OPTIONS"],
     allowedHeaders: ["Content-Type", "Authorization"],
     credentials: true,
+    optionsSuccessStatus: 200, // Some legacy browsers choke on 204
+    preflightContinue: false,
     origin: function (
       origin: string | undefined,
       callback: (err: Error | null, allow?: boolean) => void,
@@ -55,3 +58,11 @@ export const cors = initMiddleware(
     },
   }),
 );
+
+// Helper function to add cache-busting headers for CORS
+export function addCorsCacheBustingHeaders(res: NextApiResponse) {
+  res.setHeader('Cache-Control', 'no-cache, no-store, must-revalidate');
+  res.setHeader('Pragma', 'no-cache');
+  res.setHeader('Expires', '0');
+  res.setHeader('Vary', 'Origin');
+}
diff --git a/src/pages/api/v1/walletIds.ts b/src/pages/api/v1/walletIds.ts
@@ -2,12 +2,15 @@ import { NextApiRequest, NextApiResponse } from "next";
 import { createCaller } from "@/server/api/root";
 import { db } from "@/server/db";
 import { verifyJwt } from "@/lib/verifyJwt";
-import { cors } from "@/lib/cors";
+import { cors, addCorsCacheBustingHeaders } from "@/lib/cors";
 
 export default async function handler(
   req: NextApiRequest,
   res: NextApiResponse,
 ) {
+  // Add cache-busting headers for CORS
+  addCorsCacheBustingHeaders(res);
+
   await cors(req, res);
   if (req.method === "OPTIONS") {
     return res.status(200).end();