fix: CORS settings

apps/api-service/src/app.ts

@@ -27,17 +27,13 @@ export const appConfig: Config = {
 export const createApp = (): Application => {
   const app = express();
 
-  // Middleware - CORS configuration
-  const corsOrigin = process.env['CORS_ORIGIN']?.split(',') || [
-    'http://localhost:3001', // Landing
-    'http://localhost:3002', // Studio
-    'http://localhost:3003', // Admin
-    '*' // Allow all for development
-  ];
-
+  // Middleware - CORS configuration (allow all origins)
   app.use(cors({
-    origin: corsOrigin,
-    credentials: true
+    origin: true, // Allow all origins
+    credentials: true,
+    methods: ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'],
+    allowedHeaders: ['Content-Type', 'Authorization', 'X-API-Key'],
+    exposedHeaders: ['X-Request-ID']
   }));
 
   app.use(express.json({ limit: '10mb' }));