Hugging Face's logo

Spaces:
Tahasaif3
/
TaskFlow-Backend
Sleeping

App Files Community
Tahasaif3 commited on
Commit
924b937
·
verified ·
1 Parent(s): 20d4f68

Update src/main.py

Browse files
Files changed (1) hide show
  1. src/main.py +7 -1
src/main.py CHANGED
@@ -1,5 +1,11 @@
1
  from fastapi import FastAPI
2
  from fastapi.middleware.cors import CORSMiddleware
 
 
 
 
 
 
3
 
4
  from .routers import auth, tasks, projects
5
 
@@ -17,7 +23,7 @@ app.include_router(projects.router)
17
  # CORS configuration (development and production)
18
  app.add_middleware(
19
  CORSMiddleware,
20
- allow_origins=["*"], # Allow all origins for development
21
  allow_credentials=True,
22
  allow_methods=["*"],
23
  allow_headers=["*"],
 
1
  from fastapi import FastAPI
2
  from fastapi.middleware.cors import CORSMiddleware
3
+ from .config import settings
4
+
5
+ # If FRONTEND_URL is https but JWT_COOKIE_SECURE is not set to True, warn the deployer
6
+ if settings.FRONTEND_URL.startswith("https://") and not settings.JWT_COOKIE_SECURE:
7
+ import warnings
8
+ warnings.warn("FRONTEND_URL uses https but JWT_COOKIE_SECURE is False. Set JWT_COOKIE_SECURE=True in production so browsers accept SameSite=None cookies (requires Secure).")
9
 
10
  from .routers import auth, tasks, projects
11
 
 
23
  # CORS configuration (development and production)
24
  app.add_middleware(
25
  CORSMiddleware,
26
+ allow_origins=["https://task-flow-mauve-zeta.vercel.app", "http://localhost:3000"], # Use configured frontend origin (set to your Vercel URL in production)
27
  allow_credentials=True,
28
  allow_methods=["*"],
29
  allow_headers=["*"],