Refactor CORS and CSRF middleware to use options directly and remove default config functions

cmd/start.go

@@ -11,6 +11,7 @@ import (
 	"git.coopcloud.tech/wiki-cafe/member-console/internal/auth"
 	"git.coopcloud.tech/wiki-cafe/member-console/internal/logging"
 	"git.coopcloud.tech/wiki-cafe/member-console/internal/middleware"
+	"github.com/rs/cors"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 )
@@ -50,11 +51,14 @@ var startCmd = &cobra.Command{
 		// Register auth handlers
 		authConfig.RegisterHandlers(httpRequestRouter)
 
-		// Create CORS configuration
-		corsConfig := middleware.DefaultCORSConfig()
+		// Create CORS configuration with default options
+		corsOptions := cors.Options{
+			// Define minimal defaults - GET method is required
+			AllowedMethods: []string{"GET"},
+		}
 		
-		// Start with minimal default configuration
-		csrfConfig := middleware.DefaultCSRFConfig()
+		// Create empty CSRF configuration with default values
+		var csrfConfig middleware.CSRFConfig
 		
 		// Set CSRF secret from config or generate a random one
 		csrfSecret := viper.GetString("csrf-secret")
@@ -94,7 +98,7 @@ var startCmd = &cobra.Command{
 			middleware.Timeout(32*time.Second), // Set request timeout
 			middleware.MaxBodySize(1024*1024),  // 1MB size limit
 			middleware.SecureHeaders(),         // Set secure headers
-			middleware.CORS(corsConfig),        // CORS configuration
+			middleware.CORS(corsOptions),       // CORS configuration
 			middleware.CSRF(csrfConfig),        // CSRF protection
 			authConfig.Middleware(),            // OIDC authentication middleware
 		)