Login and Session Fixes

2026-01-07 13:37:28 +07:00
parent 810366d00f
commit 1390e07500
2 changed files with 22 additions and 2 deletions
--- a/server.py
+++ b/server.py
@@ -6236,10 +6236,30 @@ async def stripe_webhook(request: Request, db: Session = Depends(get_db)):
 # Include the router in the main app
 app.include_router(api_router)

+# CORS Configuration
+cors_origins = os.environ.get('CORS_ORIGINS', '')
+if cors_origins:
+    # Use explicitly configured origins
+    allowed_origins = [origin.strip() for origin in cors_origins.split(',')]
+else:
+    # Default to common development origins if not configured
+    allowed_origins = [
+        "http://localhost:3000",
+        "http://localhost:8000",
+        "http://127.0.0.1:3000",
+        "http://127.0.0.1:8000"
+    ]
+    print(f"⚠️  WARNING: CORS_ORIGINS not set. Using defaults: {allowed_origins}")
+    print("⚠️  For production, set CORS_ORIGINS in .env file!")
+
+print(f"✓ CORS allowed origins: {allowed_origins}")
+
 app.add_middleware(
    CORSMiddleware,
    allow_credentials=True,
-    allow_origins=os.environ.get('CORS_ORIGINS', '*').split(','),
-    allow_methods=["*"],
+    allow_origins=allowed_origins,
+    allow_methods=["GET", "POST", "PUT", "DELETE", "OPTIONS", "PATCH"],
    allow_headers=["*"],
+    expose_headers=["*"],
+    max_age=600,  # Cache preflight requests for 10 minutes
 )