From 2a70291924463906b8fb6fc52f32e69ced74f86b Mon Sep 17 00:00:00 2001
From: Automated Action <action@example.com>
Date: Fri, 20 Jun 2025 11:49:31 +0000
Subject: [PATCH] Fix CORS configuration for frontend access

- Set allow_credentials=False when using wildcard origins
- Added explicit OPTIONS handler for preflight requests
- Simplified CORS configuration to be more permissive
- This should resolve CORS blocking from frontend applications
---
 main.py | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/main.py b/main.py
index a219289..3a3e997 100644
--- a/main.py
+++ b/main.py
@@ -37,9 +37,10 @@ app = FastAPI(
 app.add_middleware(
     CORSMiddleware,
     allow_origins=["*"],
-    allow_credentials=True,
-    allow_methods=["*"],
+    allow_credentials=False,  # Must be False when using wildcard origins
+    allow_methods=["GET", "POST", "PUT", "DELETE", "OPTIONS"],
     allow_headers=["*"],
+    expose_headers=["*"],
 )
 
 # Include routers
@@ -62,6 +63,12 @@ async def health_check():
     return {"status": "healthy", "service": "uptime-monitoring-api"}
 
 
+@app.options("/{path:path}")
+async def options_handler():
+    """Handle preflight OPTIONS requests"""
+    return {"message": "OK"}
+
+
 if __name__ == "__main__":
     import uvicorn