Fix CORS policy for frontend integration

- Add specific Netlify frontend domain to allowed origins
- Replace wildcard origin with explicit list of allowed origins
- Add additional CORS configuration for better performance and security
- Expose headers for better API communication

app/core/config.py

@@ -11,7 +11,13 @@ class Settings(BaseSettings):
     ROOT_PATH: str = ""  # For deployments behind proxies/subpaths, can be set via env var
     
     # CORS Settings
-    CORS_ORIGINS: List[str] = ["*"]  # Allow all origins for development
+    # List of allowed origins for CORS (Cross-Origin Resource Sharing)
+    CORS_ORIGINS: List[str] = [
+        "http://localhost",
+        "http://localhost:3000",
+        "http://localhost:8000", 
+        "https://exquisite-puppy-b0f53e.netlify.app"
+    ]
 
     @field_validator("CORS_ORIGINS", mode="before")
     @classmethod

main.py

@@ -18,10 +18,12 @@ app = FastAPI(
 # Set CORS middleware
 app.add_middleware(
     CORSMiddleware,
-    allow_origins=["*"],  # Allow all origins for development
+    allow_origins=settings.CORS_ORIGINS,  # Use origins from settings
     allow_credentials=True,
     allow_methods=["*"],
     allow_headers=["*"],
+    expose_headers=["*"],
+    max_age=600,  # Cache preflight requests for 10 minutes
 )
 
 # Include API router