From 6b4cc9852818f840012284776be48dbaeb0bb675 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 10 Sep 2025 19:13:09 +0000
Subject: [PATCH 1/2] Bump github.com/go-chi/cors from 1.2.1 to 1.2.2

Bumps [github.com/go-chi/cors](https://github.com/go-chi/cors) from 1.2.1 to 1.2.2.
- [Release notes](https://github.com/go-chi/cors/releases)
- [Commits](https://github.com/go-chi/cors/compare/v1.2.1...v1.2.2)

---
updated-dependencies:
- dependency-name: github.com/go-chi/cors
  dependency-version: 1.2.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 6122666..b28ec91 100644
--- a/go.mod
+++ b/go.mod
@@ -5,7 +5,7 @@ go 1.24.0
 require (
 	cdr.dev/slog v1.6.1
 	github.com/go-chi/chi/v5 v5.2.3
-	github.com/go-chi/cors v1.2.1
+	github.com/go-chi/cors v1.2.2
 	github.com/go-chi/httprate v0.15.0
 	github.com/google/uuid v1.6.0
 	github.com/lithammer/fuzzysearch v1.1.8
diff --git a/go.sum b/go.sum
index c77466c..6f97d2a 100644
--- a/go.sum
+++ b/go.sum
@@ -18,8 +18,8 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/go-chi/chi/v5 v5.2.3 h1:WQIt9uxdsAbgIYgid+BpYc+liqQZGMHRaUwp0JUcvdE=
 github.com/go-chi/chi/v5 v5.2.3/go.mod h1:L2yAIGWB3H+phAw1NxKwWM+7eUH/lU8pOMm5hHcoops=
-github.com/go-chi/cors v1.2.1 h1:xEC8UT3Rlp2QuWNEr4Fs/c2EAGVKBwy/1vHx3bppil4=
-github.com/go-chi/cors v1.2.1/go.mod h1:sSbTewc+6wYHBBCW7ytsFSn836hqM7JxpglAy2Vzc58=
+github.com/go-chi/cors v1.2.2 h1:Jmey33TE+b+rB7fT8MUy1u0I4L+NARQlK6LhzKPSyQE=
+github.com/go-chi/cors v1.2.2/go.mod h1:sSbTewc+6wYHBBCW7ytsFSn836hqM7JxpglAy2Vzc58=
 github.com/go-chi/httprate v0.15.0 h1:j54xcWV9KGmPf/X4H32/aTH+wBlrvxL7P+SdnRqxh5g=
 github.com/go-chi/httprate v0.15.0/go.mod h1:rzGHhVrsBn3IMLYDOZQsSU4fJNWcjui4fWKJcCId1R4=
 github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ=

From 5d09690a961d8b2d482f678ed94fe929f82f6d75 Mon Sep 17 00:00:00 2001
From: Asher <ash@coder.com>
Date: Wed, 10 Sep 2025 11:40:02 -0800
Subject: [PATCH 2/2] Update cors test

go-chi/cors was updated to allow blank origins.
---
 api/httpmw/cors_test.go | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/api/httpmw/cors_test.go b/api/httpmw/cors_test.go
index 37aeba1..206a70c 100644
--- a/api/httpmw/cors_test.go
+++ b/api/httpmw/cors_test.go
@@ -107,11 +107,7 @@ func TestCors(t *testing.T) {
 					// OPTIONS should echo back the request method and headers (if there
 					// is an origin header set) and we should never get to our handler as
 					// the middleware short-circuits with a 200.
-					if method == http.MethodOptions && test.origin == "" {
-						require.Equal(t, "", rw.Header().Get(httpmw.AccessControlAllowMethodsHeader))
-						require.Equal(t, "", rw.Header().Get(httpmw.AccessControlAllowHeadersHeader))
-						require.Equal(t, http.StatusOK, rw.Code)
-					} else if method == http.MethodOptions {
+					if method == http.MethodOptions && test.origin != "" {
 						require.Equal(t, http.MethodGet, rw.Header().Get(httpmw.AccessControlAllowMethodsHeader))
 						require.Equal(t, test.allowedHeaders, rw.Header().Get(httpmw.AccessControlAllowHeadersHeader))
 						require.Equal(t, http.StatusOK, rw.Code)