From 2145affdac643d6e77b7c5db1f6f69e38f9d664c Mon Sep 17 00:00:00 2001
From: madipo2611 <klimov.aka@yandex.ru>
Date: Mon, 11 Aug 2025 15:52:46 +0300
Subject: [PATCH] =?UTF-8?q?v0.0.17.3=20=D0=9F=D0=B5=D1=80=D0=B5=D1=80?=
 =?UTF-8?q?=D0=B0=D0=B1=D0=BE=D1=82=D0=B0=D0=BD=20websocket,=20=D0=B4?=
 =?UTF-8?q?=D0=BE=D0=B1=D0=B0=D0=B2=D0=BB=D0=B5=D0=BD=D0=B0=20=D0=BE=D0=B1?=
 =?UTF-8?q?=D1=80=D0=B0=D0=B1=D0=BE=D1=82=D0=BA=D0=B0=20ping/pong?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 internal/http/handlers/chat.go   |  2 ++
 internal/http/middleware/cors.go | 10 +++++++---
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/internal/http/handlers/chat.go b/internal/http/handlers/chat.go
index d397f9d..05fbf67 100644
--- a/internal/http/handlers/chat.go
+++ b/internal/http/handlers/chat.go
@@ -38,6 +38,8 @@ func NewChatHandler(chatService service.ChatService, hub *ws.Hub, tokenAuth *aut
 }
 
 func (h *ChatHandler) HandleWebSocket(w http.ResponseWriter, r *http.Request) {
+	log.Printf("Incoming WebSocket headers: %+v", r.Header)
+	log.Printf("Cookies: %+v", r.Cookies())
 	requestedProtocol := r.Header.Get("Sec-WebSocket-Protocol")
 	if requestedProtocol != "" && requestedProtocol != "graphql-transport-ws" {
 		http.Error(w, "Unsupported WebSocket protocol", http.StatusBadRequest)
diff --git a/internal/http/middleware/cors.go b/internal/http/middleware/cors.go
index 804ee76..09ba12a 100644
--- a/internal/http/middleware/cors.go
+++ b/internal/http/middleware/cors.go
@@ -8,12 +8,17 @@ import (
 func CORS(allowedOrigins []string) func(http.Handler) http.Handler {
 	return func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-			origin := r.Header.Get("Origin")
+			// Особые правила для WebSocket
 			if r.Header.Get("Upgrade") == "websocket" {
+				w.Header().Set("Access-Control-Allow-Origin", "*")
+				w.Header().Set("Access-Control-Allow-Credentials", "true")
+				w.Header().Set("Access-Control-Allow-Headers", "*")
 				next.ServeHTTP(w, r)
 				return
 			}
-			// Проверяем, разрешен ли источник
+
+			// Стандартная CORS логика для других запросов
+			origin := r.Header.Get("Origin")
 			if isOriginAllowed(origin, allowedOrigins) {
 				w.Header().Set("Access-Control-Allow-Origin", origin)
 				w.Header().Set("Access-Control-Allow-Credentials", "true")
@@ -23,7 +28,6 @@ func CORS(allowedOrigins []string) func(http.Handler) http.Handler {
 					"GET, POST, PUT, DELETE, OPTIONS")
 			}
 
-			// Обрабатываем предварительные OPTIONS-запросы
 			if r.Method == "OPTIONS" {
 				w.WriteHeader(http.StatusNoContent)
 				return