feat: allow CORS for allowed origins

hadron43 · hadron43 · commit 03f152b76764 · 2025-06-29T19:56:44.000+05:30
diff --git a/README.md b/README.md
@@ -35,7 +35,14 @@ tutor-log-api
    pip install -r requirements.txt
    ```
 
-3. Run the application:
+3. Set required envionment variables in `.env` file:
+   ```
+   DATABASE_URL=<db_connection_string>
+   SKIP_DATABASE_SETUP=true
+   ALLOWED_ORIGINS=http://localhost:3000
+   ``` 
+
+4. Run the application:
    ```
    fastapi dev main.py 
    ```
diff --git a/main.py b/main.py
@@ -1,6 +1,7 @@
 import os
 from contextlib import asynccontextmanager
 from fastapi import FastAPI
+from fastapi.middleware.cors import CORSMiddleware
 
 from routers import base, user, pupil, group, event, payment
 from database import create_db_and_tables
@@ -16,6 +17,15 @@ async def lifespan(app: FastAPI):
     version="1.0.0",
     lifespan=lifespan
 )
+origins = os.getenv("ALLOWED_ORIGINS", "").split(",")
+print(f"Allowed origins: {origins}")
+app.add_middleware(
+    CORSMiddleware,
+    allow_origins=origins,
+    allow_credentials=True,
+    allow_methods=["*"],
+    allow_headers=["*"],
+)
 
 app.include_router(base)
 app.include_router(user)
