Refine CORS settings in file download handlers and update viewer behavior for mobile and authenticated web

b0esche_cloud/lib/widgets/file_viewer_dispatch.dart

@@ -140,10 +140,17 @@ class FileViewerDispatch {
         );
       }
 
-      return Container(
-        color: AppTheme.primaryBackground,
-        child: InteractiveViewer(minScale: 0.5, maxScale: 4.0, child: child),
-      );
+      Widget viewerChild = child;
+      if (!(kIsWeb && token == null)) {
+        // Use InteractiveViewer for mobile or authenticated web
+        viewerChild = InteractiveViewer(
+          minScale: 0.5,
+          maxScale: 4.0,
+          child: child,
+        );
+      }
+
+      return Container(color: AppTheme.primaryBackground, child: viewerChild);
     } else {
       return Container(
         color: AppTheme.primaryBackground,

go_cloud/internal/http/routes.go

@@ -2417,7 +2417,9 @@ func downloadOrgFileHandler(w http.ResponseWriter, r *http.Request, db *database
 	// which supports all common video/audio/image formats
 	contentType := getMimeType(fileName)
 
-	w.Header().Set("Access-Control-Allow-Origin", "*")
+	w.Header().Set("Access-Control-Allow-Origin", "https://www.b0esche.cloud")
+	w.Header().Set("Access-Control-Allow-Credentials", "true")
+	w.Header().Set("Access-Control-Allow-Headers", "Authorization, Range")
 	w.Header().Set("Content-Disposition", fmt.Sprintf("inline; filename=\"%s\"", fileName))
 	w.Header().Set("Content-Type", contentType)
 	w.Header().Set("Accept-Ranges", "bytes")
@@ -2565,7 +2567,9 @@ func downloadUserFileHandler(w http.ResponseWriter, r *http.Request, db *databas
 	// which supports all common video/audio/image formats
 	contentType := getMimeType(fileName)
 
-	w.Header().Set("Access-Control-Allow-Origin", "*")
+	w.Header().Set("Access-Control-Allow-Origin", "https://www.b0esche.cloud")
+	w.Header().Set("Access-Control-Allow-Credentials", "true")
+	w.Header().Set("Access-Control-Allow-Headers", "Authorization, Range")
 	w.Header().Set("Content-Disposition", fmt.Sprintf("inline; filename=\"%s\"", fileName))
 	w.Header().Set("Content-Type", contentType)
 	w.Header().Set("Accept-Ranges", "bytes")