fix: keep applying quick fix for #446 (#450)

* fix: the Backend returns 400 error * fix: keep applying quick fix * fix the lint error * fixed .env.example settings
2026-04-03 06:12:14 +08:00 · 2025-07-20 14:10:46 +08:00
parent ff67366c5c
commit 4d65d20f01
2 changed files with 3 additions and 5 deletions
--- a/.env.example
+++ b/.env.example
@@ -10,7 +10,7 @@ AGENT_RECURSION_LIMIT=30
 # CORS settings
 # Comma-separated list of allowed origins for CORS requests
 # Example: ALLOWED_ORIGINS=http://localhost:3000,http://example.com
-ALLOWED_ORIGINS=http://localhost:3000,http://localhost:8000
+ALLOWED_ORIGINS=http://localhost:3000

 # Enable or disable MCP server configuration, the default is false.
 # Please enable this feature before securing your front-end and back-end in a managed environment.
--- a/src/server/app.py
+++ b/src/server/app.py
@@ -55,9 +55,7 @@ app = FastAPI(
 # Add CORS middleware
 # It's recommended to load the allowed origins from an environment variable
 # for better security and flexibility across different environments.
-allowed_origins_str = os.getenv(
-    "ALLOWED_ORIGINS", "http://localhost:3000,http://localhost:8000"
-)
+allowed_origins_str = os.getenv("ALLOWED_ORIGINS", "http://localhost:3000")
 allowed_origins = [origin.strip() for origin in allowed_origins_str.split(",")]

 logger.info(f"Allowed origins: {allowed_origins}")
@@ -67,7 +65,7 @@ app.add_middleware(
    allow_origins=allowed_origins,  # Restrict to specific origins
    allow_credentials=True,
    allow_methods=["GET", "POST", "OPTIONS"],  # Use the configured list of methods
-    allow_headers=["text/event-stream"],  # Now it supports SSE
+    allow_headers=["*"],  # Now allow all headers, but can be restricted further
 )

 graph = build_graph_with_memory()