fix: frontend API CORS

src/lib/app.ts

@@ -103,10 +103,7 @@ export default async function getApp(
     if (config.enableOAS && services.openApiService) {
         services.openApiService.useDocs(app);
     }
-    // Support CORS preflight requests for the frontend endpoints.
+    app.use(
-    // Preflight requests should not have Authorization headers,
-    // so this must be handled before the API token middleware.
-    app.options(
         `${baseUriPath}/api/frontend*`,
         corsOriginMiddleware(services, config),
     );

src/lib/features/frontend-api/frontend-api-controller.ts

@@ -19,7 +19,6 @@ import {
 } from '../../openapi/index.js';
 import type { Context } from 'unleash-client';
 import { enrichContextWithIp } from './index.js';
-import { corsOriginMiddleware } from '../../middleware/index.js';
 import NotImplementedError from '../../error/not-implemented-error.js';
 import rateLimit from 'express-rate-limit';
 import { minutesToMilliseconds } from 'date-fns';
@@ -65,10 +64,6 @@ export default class FrontendAPIController extends Controller {
                 functionName,
             });
 
-        // Support CORS requests for the frontend endpoints.
-        // Preflight requests are handled in `app.ts`.
-        this.app.use(corsOriginMiddleware(services, config));
-
         this.route({
             method: 'get',
             path: '',