fix(control-api): enable CORS to allow UI access

control/api/Cargo.toml

@@ -24,7 +24,7 @@ hex = "0.4.3"
 shared = { path = "../../shared" }
 thiserror = "2.0.16"
 tokio = { version = "1.45.0", features = ["macros", "net", "process", "rt-multi-thread", "signal", "time"] }
-tower-http = { version = "0.6.6", features = ["trace"] }
+tower-http = { version = "0.6.6", features = ["trace", "cors"] }
 tracing = "0.1.41"
 tracing-subscriber = { version = "0.3.20", features = ["env-filter"] }
 url = "2.5.4"

control/api/src/lib.rs

@@ -113,6 +113,11 @@ pub fn build_app(state: AppState) -> Router {
         .merge(documents::router())
         .layer(from_fn_with_state(state.clone(), auth::auth_middleware));
 
+    let cors = tower_http::cors::CorsLayer::new()
+        .allow_origin(tower_http::cors::Any)
+        .allow_methods(tower_http::cors::Any)
+        .allow_headers(tower_http::cors::Any);
+
     Router::new()
         .route("/health", get(health))
         .route("/ready", get(ready))
@@ -123,6 +128,7 @@ pub fn build_app(state: AppState) -> Router {
         )
         .nest("/admin/v1", admin)
         .with_state(state)
+        .layer(cors)
         .layer(trace)
         .layer(from_fn(request_id_middleware))
 }