From 4d65d20f011f20cfa4376b8251aa533917c0ae75 Mon Sep 17 00:00:00 2001 From: Willem Jiang Date: Sun, 20 Jul 2025 14:10:46 +0800 Subject: [PATCH] fix: keep applying quick fix for #446 (#450) * fix: the Backend returns 400 error * fix: keep applying quick fix * fix the lint error * fixed .env.example settings --- .env.example | 2 +- src/server/app.py | 6 ++---- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/.env.example b/.env.example index 40d3f83..89bb6b4 100644 --- a/.env.example +++ b/.env.example @@ -10,7 +10,7 @@ AGENT_RECURSION_LIMIT=30 # CORS settings # Comma-separated list of allowed origins for CORS requests # Example: ALLOWED_ORIGINS=http://localhost:3000,http://example.com -ALLOWED_ORIGINS=http://localhost:3000,http://localhost:8000 +ALLOWED_ORIGINS=http://localhost:3000 # Enable or disable MCP server configuration, the default is false. # Please enable this feature before securing your front-end and back-end in a managed environment. diff --git a/src/server/app.py b/src/server/app.py index 466c676..2d9abf1 100644 --- a/src/server/app.py +++ b/src/server/app.py @@ -55,9 +55,7 @@ app = FastAPI( # Add CORS middleware # It's recommended to load the allowed origins from an environment variable # for better security and flexibility across different environments. -allowed_origins_str = os.getenv( - "ALLOWED_ORIGINS", "http://localhost:3000,http://localhost:8000" -) +allowed_origins_str = os.getenv("ALLOWED_ORIGINS", "http://localhost:3000") allowed_origins = [origin.strip() for origin in allowed_origins_str.split(",")] logger.info(f"Allowed origins: {allowed_origins}") @@ -67,7 +65,7 @@ app.add_middleware( allow_origins=allowed_origins, # Restrict to specific origins allow_credentials=True, allow_methods=["GET", "POST", "OPTIONS"], # Use the configured list of methods - allow_headers=["text/event-stream"], # Now it supports SSE + allow_headers=["*"], # Now allow all headers, but can be restricted further ) graph = build_graph_with_memory()