fix: fronted_url

README.md

@@ -34,8 +34,8 @@ FastAPI backend for the Todo List application with JWT authentication and Postgr
    |----------|-------------|---------|
    | `DATABASE_URL` | PostgreSQL connection string | `postgresql://user:password@ep-xxx.aws.neon.tech/neondb?sslmode=require` |
    | `JWT_SECRET` | Secret key for JWT tokens | Generate a random string: `openssl rand -hex 32` |
-   | `FRONTEND_URL` | Your frontend URL for CORS | `https://your-frontend.vercel.app` |
-   | `ENVIRONMENT` | Environment name | `production` |
+   | `FRONTEND_URL` | Your frontend URL for CORS (optional, defaults to `*`) | `https://your-frontend.vercel.app` |
+   | `ENVIRONMENT` | Environment name (optional) | `production` |
 
    **Note:** For Neon database, make sure to append `?sslmode=require` to your DATABASE_URL.
 

core/config.py

@@ -20,7 +20,7 @@ class Settings(BaseSettings):
     jwt_expiration_days: int = 7
 
     # CORS
-    frontend_url: str
+    frontend_url: str = "*"  # Default to allow all origins for HuggingFace Spaces
 
     # Environment
     environment: str = "development"

main.py

@@ -50,10 +50,14 @@ app = FastAPI(
 )
 
 # Add CORS middleware
+# If frontend_url is "*", allow all origins (useful for HuggingFace Spaces)
+allow_all_origins = settings.frontend_url == "*"
+allow_origins = ["*"] if allow_all_origins else [settings.frontend_url]
+
 app.add_middleware(
     CORSMiddleware,
-    allow_origins=[settings.frontend_url],
-    allow_credentials=True,
+    allow_origins=allow_origins,
+    allow_credentials=not allow_all_origins,  # Can't use credentials with wildcard
     allow_methods=["*"],
     allow_headers=["*"],
 )