diff --git a/src/components/TopicView.jsx b/src/components/TopicView.jsx
index 95fb262..48f5c48 100644
--- a/src/components/TopicView.jsx
+++ b/src/components/TopicView.jsx
@@ -7,17 +7,11 @@ import { LEGACY_BASE_URL, REST_BASE_URL } from '../data/topics'
 const ADMIN_SECRET = 'nearle-admin-secret'
 
 function toProxyPath(fullUrl) {
-  // REST: jupiter.nearle.app lacks CORS headers, so we MUST proxy it.
-  if (fullUrl.startsWith(REST_BASE_URL)) {
-    // Locally, Vite intercepts /live/... and proxies it perfectly.
-    if (window.location.hostname === 'localhost' || window.location.hostname === '127.0.0.1') {
-      return fullUrl.slice(REST_BASE_URL.length)
-    }
-    // In production, since we cannot configure the host server (like Nginx),
-    // we use a public CORS proxy to bridge the request directly from the browser!
-    return 'https://corsproxy.io/?url=' + encodeURIComponent(fullUrl)
+  // Legacy (api.workolik.com): We still proxy this to inject the admin secret via server
+  if (fullUrl.startsWith(LEGACY_BASE_URL)) {
+    return fullUrl.slice(LEGACY_BASE_URL.length)
   }
-  // Legacy (api.workolik.com): CORS is open, admin secret injected in headers.
+  // REST API (jupiter.nearle.app): Has native CORS enabled, browser hits it directly!
   return fullUrl
 }
 
@@ -52,8 +46,13 @@ export default function TopicView({ topic, searchQuery }) {
     const start = Date.now()
 
     try {
-      const headers = { 'Content-Type': 'application/json' }
-      if (topic.type === 'legacy') headers['x-hasura-admin-secret'] = ADMIN_SECRET
+      const headers = {}
+      if (endpoint.method !== 'GET') {
+        headers['Content-Type'] = 'application/json'
+      }
+      if (topic.type === 'legacy') {
+        headers['x-hasura-admin-secret'] = ADMIN_SECRET
+      }
 
       const fetchOptions = {
         method: endpoint.method,