From cd343babea1b1988c8eb9216f6034980bbdf0e95 Mon Sep 17 00:00:00 2001
From: Niran Babalola <niran.babalola@coinbase.com>
Date: Sun, 15 Mar 2026 12:35:18 -0500
Subject: [PATCH 1/2] Add CORS headers to API routes

Allow cross-origin requests to /api/* endpoints by adding a Next.js
proxy (the v16 replacement for middleware) that sets
Access-Control-Allow-Origin: * on all API responses and handles
OPTIONS preflight requests.
---
 src/proxy.ts | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100644 src/proxy.ts

diff --git a/src/proxy.ts b/src/proxy.ts
new file mode 100644
index 0000000..66c5882
--- /dev/null
+++ b/src/proxy.ts
@@ -0,0 +1,25 @@
+import { NextResponse } from "next/server";
+import type { NextRequest } from "next/server";
+
+export function proxy(request: NextRequest) {
+  if (request.method === "OPTIONS") {
+    return new NextResponse(null, {
+      status: 204,
+      headers: {
+        "Access-Control-Allow-Origin": "*",
+        "Access-Control-Allow-Methods": "GET, OPTIONS",
+        "Access-Control-Allow-Headers": "Content-Type",
+      },
+    });
+  }
+
+  const response = NextResponse.next();
+  response.headers.set("Access-Control-Allow-Origin", "*");
+  response.headers.set("Access-Control-Allow-Methods", "GET, OPTIONS");
+  response.headers.set("Access-Control-Allow-Headers", "Content-Type");
+  return response;
+}
+
+export const config = {
+  matcher: "/api/:path*",
+};

From 0991bf9a07a6a495de208e8f7ff65f4446dadbab Mon Sep 17 00:00:00 2001
From: Niran Babalola <niran.babalola@coinbase.com>
Date: Sun, 15 Mar 2026 12:39:53 -0500
Subject: [PATCH 2/2] Fix import ordering for biome lint

---
 src/proxy.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/proxy.ts b/src/proxy.ts
index 66c5882..6759d1d 100644
--- a/src/proxy.ts
+++ b/src/proxy.ts
@@ -1,5 +1,5 @@
-import { NextResponse } from "next/server";
 import type { NextRequest } from "next/server";
+import { NextResponse } from "next/server";
 
 export function proxy(request: NextRequest) {
   if (request.method === "OPTIONS") {