From ff67366c5c508e8c0be2ada8d40f3544cd86dcfe Mon Sep 17 00:00:00 2001 From: Willem Jiang Date: Sun, 20 Jul 2025 11:38:18 +0800 Subject: [PATCH] fix: the Backend returns 400 error (#449) --- .env.example | 2 +- src/server/app.py | 10 +++++++--- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/.env.example b/.env.example index 89bb6b4..40d3f83 100644 --- a/.env.example +++ b/.env.example @@ -10,7 +10,7 @@ AGENT_RECURSION_LIMIT=30 # CORS settings # Comma-separated list of allowed origins for CORS requests # Example: ALLOWED_ORIGINS=http://localhost:3000,http://example.com -ALLOWED_ORIGINS=http://localhost:3000 +ALLOWED_ORIGINS=http://localhost:3000,http://localhost:8000 # Enable or disable MCP server configuration, the default is false. # Please enable this feature before securing your front-end and back-end in a managed environment. diff --git a/src/server/app.py b/src/server/app.py index 69cc9ca..466c676 100644 --- a/src/server/app.py +++ b/src/server/app.py @@ -55,15 +55,19 @@ app = FastAPI( # Add CORS middleware # It's recommended to load the allowed origins from an environment variable # for better security and flexibility across different environments. -allowed_origins_str = os.getenv("ALLOWED_ORIGINS", "http://localhost:3000") +allowed_origins_str = os.getenv( + "ALLOWED_ORIGINS", "http://localhost:3000,http://localhost:8000" +) allowed_origins = [origin.strip() for origin in allowed_origins_str.split(",")] +logger.info(f"Allowed origins: {allowed_origins}") + app.add_middleware( CORSMiddleware, allow_origins=allowed_origins, # Restrict to specific origins allow_credentials=True, - allow_methods=["GET", "POST"], # Be specific about allowed methods - allow_headers=["Content-Type", "Authorization", "X-Requested-With"], # Be specific + allow_methods=["GET", "POST", "OPTIONS"], # Use the configured list of methods + allow_headers=["text/event-stream"], # Now it supports SSE ) graph = build_graph_with_memory()