Make CORS allowed origins configurable via ALLOWED_ORIGINS env var

Defaults to localhost:3000 for local dev. Server deployments can pass a comma-separated list via the environment. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-24 18:15:44 +01:00
parent 8982f76d15
commit 470dd80ed8
1 changed files with 5 additions and 1 deletions
@@ -1,3 +1,5 @@
+import os
+
 from fastapi import FastAPI
 from fastapi.middleware.cors import CORSMiddleware

@@ -8,9 +10,11 @@ Base.metadata.create_all(bind=engine)

 app = FastAPI(title="BTC Portfolio API")

+origins = os.getenv("ALLOWED_ORIGINS", "http://localhost:3000").split(",")
+
 app.add_middleware(
    CORSMiddleware,
-    allow_origins=["http://localhost:3000"],
+    allow_origins=origins,
    allow_credentials=True,
    allow_methods=["*"],
    allow_headers=["*"],