diff --git a/webdav3.py b/webdav3.py
index d2df5a3..bb4cdb5 100644
--- a/webdav3.py
+++ b/webdav3.py
@@ -550,8 +550,8 @@ class DAVRequestHandler(BaseHTTPRequestHandler):
       self.send_header('Content-Length', '0')
       self.end_headers()
       return
-    # CORS preflight for /leet/ proxy
-    if self.path.startswith('/leet/'):
+    # CORS preflight for /leet/ and /commoserve/ proxies
+    if self.path.startswith('/leet/') or self.path.startswith('/commoserve/'):
       self.send_response(204)
       self.send_header('Access-Control-Allow-Origin', '*')
       self.send_header('Access-Control-Allow-Methods', 'GET, OPTIONS')
@@ -855,11 +855,13 @@ class DAVRequestHandler(BaseHTTPRequestHandler):
   # ── Leet API proxy ─────────────────────────────────────────────────────────
   # Browsers cannot override the User-Agent header (Fetch spec §forbidden
   # header names).  Assembly64 returns HTTP 463 for non-matching UAs.
-  # Requests to /leet/<path> are forwarded to hackerswithstyle.se with the
-  # required headers added server-side.
+  # commoserve.files.commodore.net also lacks CORS headers on AQL endpoints.
+  #
+  # Routes:
+  #   GET /leet/*          → https://hackerswithstyle.se/leet/*
+  #   GET /commoserve/*    → https://commoserve.files.commodore.net/leet/*
 
-  def _proxy_leet(self):
-    target = 'https://hackerswithstyle.se' + self.path
+  def _proxy_leet(self, target: str):
     try:
       req = urllib.request.Request(target, headers={
         'User-Agent': 'Assembly Query',
@@ -870,6 +872,7 @@ class DAVRequestHandler(BaseHTTPRequestHandler):
         body = resp.read()
         ct   = resp.headers.get('Content-Type', 'application/octet-stream')
       self.send_response(200)
+      self.send_header('Access-Control-Allow-Origin', '*')
       self.send_header('Content-Type', ct)
       self.send_header('Content-Length', str(len(body)))
       self.end_headers()
@@ -879,6 +882,7 @@ class DAVRequestHandler(BaseHTTPRequestHandler):
       _log('LEET', f'Proxy error: {self.path} → {e}')
       body = json.dumps({'error': str(e)}).encode('utf-8')
       self.send_response(502)
+      self.send_header('Access-Control-Allow-Origin', '*')
       self.send_header('Content-Type', 'application/json')
       self.send_header('Content-Length', str(len(body)))
       self.end_headers()
@@ -890,7 +894,12 @@ class DAVRequestHandler(BaseHTTPRequestHandler):
       self._handle_websocket()
       return
     if self.path.startswith('/leet/'):
-      self._proxy_leet()
+      self._proxy_leet('https://hackerswithstyle.se' + self.path)
+      return
+    if self.path.startswith('/commoserve/'):
+      # /commoserve/search/categories → /leet/search/categories on commoserve server
+      leet_path = '/leet' + self.path[len('/commoserve'):]
+      self._proxy_leet('https://commoserve.files.commodore.net' + leet_path)
       return
     if self.WebAuth():
       return