From 336c6aa34ea8a61f70c2971ef56b2910da3260fb Mon Sep 17 00:00:00 2001
From: ahtlon <git@ahtlon.de>
Date: Fri, 12 Jun 2026 13:52:44 +0200
Subject: [PATCH] Add CORS middleware

---
 README.md   |  5 ++---
 app/main.py | 13 +++++++++++++
 2 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index 140bbfb..91d6b13 100644
--- a/README.md
+++ b/README.md
@@ -18,12 +18,11 @@ Issues:
    - hardcoded secret key in auth.py -> centralise env var loading 
    - i don't like the error handling in the scanner - doesn't pass errors correctly
    - cors for frontend: https://fastapi.tiangolo.com/tutorial/cors
-   - disableCards var isn't doing anything
+     - Load cors from env var or something
    - BackgroundScanner shouldn't get a single session for the whole lifecycle
    - input validation maybe
    - too many imports
    - inconsistent logging (request logging?)
    - rate limiting maybe
    - pretty sure the controllers are doing too much stuff
-   - hardware call tests or sth
-   - .env.example
+   - hardware call tests or sth
\ No newline at end of file
diff --git a/app/main.py b/app/main.py
index 88b8545..e801d77 100644
--- a/app/main.py
+++ b/app/main.py
@@ -2,6 +2,7 @@ import logging
 logger = logging.getLogger(__name__)
 import os
 from fastapi import FastAPI
+from fastapi.middleware.cors import CORSMiddleware
 from fastapi.security import OAuth2PasswordBearer
 from contextlib import asynccontextmanager
 from dotenv import load_dotenv
@@ -37,7 +38,19 @@ async def lifespan(app: FastAPI):
 
 app = FastAPI(lifespan=lifespan)
 
+origins = [
+    "http://127.0.0.1",
+    "http://localhost",
+    "http://localhost:8080",
+]
 
+app.add_middleware(
+    CORSMiddleware,
+    allow_origins=origins,
+    allow_credentials=True,
+    allow_methods=["GET" "PUT" "POST" "DELETE" "PATCH"],
+    allow_headers=["*"],
+)
 
 app.include_router(token_router)
 app.include_router(userManager.user_router)