Improve docs and security defaults

2025-10-22 15:22:58 +02:00
parent ebb0769ed4
commit 92795cf9b3
16 changed files with 283 additions and 180 deletions
--- a/src/server/fastapi_app.py
+++ b/src/server/fastapi_app.py
@@ -44,22 +44,15 @@ app = FastAPI(
    redoc_url="/api/redoc"
 )

-# Configure CORS
-# WARNING: In production, ensure CORS_ORIGINS is properly configured
-# Default to localhost for development, configure via environment variable
-cors_origins = (
-    settings.cors_origins.split(",")
-    if settings.cors_origins and settings.cors_origins != "*"
-    else (
-        ["http://localhost:3000", "http://localhost:8000"]
-        if settings.cors_origins == "*"
-        else []
-    )
-)
+# Configure CORS using environment-driven configuration.
+allowed_origins = settings.allowed_origins or [
+    "http://localhost:3000",
+    "http://localhost:8000",
+]

 app.add_middleware(
    CORSMiddleware,
-    allow_origins=cors_origins if cors_origins else ["*"],
+    allow_origins=allowed_origins,
    allow_credentials=True,
    allow_methods=["*"],
    allow_headers=["*"],