Problem
In main.py:18-24:
    app.add_middleware(
        CORSMiddleware,
        allow_origins=["*"],
        allow_credentials=True,
        ...
    )
Per the CORS specification, browsers will reject responses that use Access-Control-Allow-Origin: * together with Access-Control-Allow-Credentials: true. This combination is explicitly forbidden.
Suggested Fix
Either:
- Remove allow_credentials=True if credentials aren't needed, or
- Replace allow_origins=["*"] with a list of specific allowed origins (configurable via environment variable).
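One way to implement the second option, as an added example that is not the project's own code: the origin list is read from an environment variable and a wildcard combined with credentials is refused at startup. The variable name CORS_ALLOWED_ORIGINS and the helper names are assumptions.

```python
import os
from urllib.parse import urlsplit

ENV_VAR = "CORS_ALLOWED_ORIGINS"  # hypothetical variable name, not from the project


def parse_origins(raw):
    """Split a comma-separated origin list and validate each entry."""
    origins = []
    for item in raw.split(","):
        origin = item.strip().rstrip("/")
        if not origin:
            continue
        if origin == "*":
            origins.append(origin)
            continue
        parts = urlsplit(origin)
        # An origin is scheme://host[:port] only: no path, query or fragment.
        if parts.scheme not in ("http", "https") or not parts.hostname:
            raise ValueError(f"not a valid origin: {item.strip()!r}")
        if parts.path or parts.query or parts.fragment:
            raise ValueError(f"origin must not carry a path: {item.strip()!r}")
        if origin not in origins:
            origins.append(origin)
    return origins


def cors_settings(env=None, allow_credentials=True):
    """Build keyword arguments for CORSMiddleware from the environment."""
    env = os.environ if env is None else env
    # An unset variable yields an empty list, so no cross-origin access is granted.
    origins = parse_origins(env.get(ENV_VAR, ""))
    if allow_credentials and "*" in origins:
        # The combination described in this issue: fail at startup instead.
        raise ValueError(
            f"{ENV_VAR} must list explicit origins when credentials are allowed"
        )
    return {"allow_origins": origins, "allow_credentials": allow_credentials}


# Assumed wiring in main.py:
#   app.add_middleware(CORSMiddleware, **cors_settings())
```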