From c26e9e7782d8c3f90737587a92dcae7a8368059d Mon Sep 17 00:00:00 2001
From: ZareMate <0.zaremate@gmail.com>
Date: Fri, 9 Jan 2026 05:09:32 +0100
Subject: [PATCH] add cors to /api/shop/items

---
 users-api.js | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/users-api.js b/users-api.js
index 435e5bd6..59266e8b 100644
--- a/users-api.js
+++ b/users-api.js
@@ -226,6 +226,7 @@ module.exports = function (app, wss, pool) {
 
   app.get("/api/shop/items", async (req, res) => {
     const conn = await pool.getConnection();
+    res.set("Access-Control-Allow-Origin", "*");
     try {
       const rows = await conn.query(
         "SELECT id, name, price, quantity FROM shop_items WHERE enabled = 1",
@@ -240,6 +241,7 @@ module.exports = function (app, wss, pool) {
 
   app.get("/api/shop/items/all", async (req, res) => {
     const conn = await pool.getConnection();
+    res.set("Access-Control-Allow-Origin", "*");
     try {
       const rows = await conn.query("SELECT * FROM shop_items");
       res.json({ ok: true, items: rows });