Description
Describe the bug
When loading the application at https://opensource.idurarapp.com, a critical CORS (Cross-Origin Resource Sharing) error occurs. The front-end application is unable to fetch initial configuration data from the back-end API (https://dev-server.idurarapp.com) because of a server-side CORS misconfiguration. This prevents the application from loading its settings and likely breaks major functionality.
To Reproduce
Steps to reproduce the behavior:
1. Navigate to https://opensource.idurarapp.com in any modern web browser.
2. Open the Developer Tools (usually by pressing F12 or Ctrl+Shift+I).
3. Go to the "Console" tab.
4. Observe the following error message:
Expected behavior
The API call to /api/setting/listAll should succeed with a status 200 OK. The application should successfully load its settings without any CORS errors appearing in the console.
Actual Behaviour
The API request is blocked by the browser due to an incorrect Access-Control-Allow-Origin header sent by the server. The application fails to load critical data, which likely leads to further malfunction.
Desktop (please complete the following information):
1. Browser: [e.g., Chrome 128, Firefox 129]
2. OS: [e.g., Windows 11, macOS Sonoma]
Additional context
This is a classic CORS issue. The server at dev-server.idurarapp.com is configured to respond with Access-Control-Allow-Origin: *. However, the front-end request is being made with credentials: 'include'. For security, browsers do not permit a wildcard * origin when credentials are in play.
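Added example, not part of the issue report or the IDURAR code base: a simplified model of the browser's CORS check from the Fetch standard, run against the wildcard response described above and against an allowlist-based response that echoes a trusted origin and opts in to credentials. The function names, the `ALLOWED_ORIGINS` set and the `https://untrusted.example` origin are constructed for illustration; the front-end origin is the one named in the report.

```javascript
// Added example: assumed names throughout, not IDURAR's server code.
const FRONTEND_ORIGIN = 'https://opensource.idurarapp.com'; // from the report
const ALLOWED_ORIGINS = new Set([FRONTEND_ORIGIN]);         // hypothetical allowlist

// Response headers as described in the report: wildcard origin.
function wildcardCorsHeaders() {
  return { 'Access-Control-Allow-Origin': '*' };
}

// Corrected form: echo the request Origin only when it is allowlisted,
// opt in to credentials explicitly, and mark the response as origin-dependent
// so shared caches do not serve one origin's headers to another.
function allowlistCorsHeaders(requestOrigin) {
  const headers = { Vary: 'Origin' };
  if (requestOrigin && ALLOWED_ORIGINS.has(requestOrigin)) {
    headers['Access-Control-Allow-Origin'] = requestOrigin;
    headers['Access-Control-Allow-Credentials'] = 'true';
  }
  return headers; // no ACAO header for unknown origins: the browser blocks the read
}

// Simplified model of the browser-side CORS check on a response.
// credentialsMode is the fetch() option: 'omit', 'same-origin' or 'include'.
function browserAllows(requestOrigin, credentialsMode, headers) {
  const acao = headers['Access-Control-Allow-Origin'];
  if (acao === undefined) return false;
  const withCredentials = credentialsMode === 'include';
  if (!withCredentials && acao === '*') return true; // wildcard is fine without credentials
  if (acao !== requestOrigin) return false;          // '*' never equals a real origin
  if (!withCredentials) return true;
  return headers['Access-Control-Allow-Credentials'] === 'true';
}

// Runs the four cases and returns the outcomes for inspection.
function demo() {
  const untrusted = 'https://untrusted.example'; // constructed origin
  return {
    wildcardWithCredentials: browserAllows(FRONTEND_ORIGIN, 'include', wildcardCorsHeaders()),
    wildcardWithoutCredentials: browserAllows(FRONTEND_ORIGIN, 'omit', wildcardCorsHeaders()),
    allowlistWithCredentials: browserAllows(FRONTEND_ORIGIN, 'include', allowlistCorsHeaders(FRONTEND_ORIGIN)),
    untrustedWithCredentials: browserAllows(untrusted, 'include', allowlistCorsHeaders(untrusted)),
  };
}

console.log(demo());
```

Echoing the `Origin` header back without the allowlist check would also satisfy the browser, but it would let any site read credentialed responses, so the allowlist is the part that matters.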