Remove the CORS middleware

The app and static files are served from a single domain, we don't use
cross domain requests at all so removing it locks it down to the most
restrictive state, which seems reasonable. It was initially added from
an example without true understanding of the need.

mft/app.py

@@ -1,7 +1,6 @@
 from pathlib import Path
 
 from fastapi import FastAPI
-from fastapi.middleware.cors import CORSMiddleware
 from fastapi.staticfiles import StaticFiles
 
 from mft.settings import settings
@@ -14,15 +13,6 @@ def create_app() -> FastAPI:
         description="A simple expense tracking application",
     )
 
-    # Configure CORS
-    app.add_middleware(
-        CORSMiddleware,
-        allow_origins=settings.cors_origins,
-        allow_credentials=True,
-        allow_methods=["*"],
-        allow_headers=["*"],
-    )
-
     # Register routes
     from mft.routes import api_router
 

mft/config.py

@@ -10,7 +10,6 @@ port = 8080
 
 [mft]
 database = "~/.local/var/db/mft.db"
-cors_origins = ["http://127.0.0.1:8080"]
 """
 
 
@@ -30,7 +29,6 @@ class MftConfig(BaseModel):
     model_config = ConfigDict(extra="forbid")
 
     database: str = "~/.local/var/db/mft.db"
-    cors_origins: list[str] = Field(default_factory=lambda: ["http://127.0.0.1:8080"])
 
 
 class AppConfig(BaseModel):

mft/settings.py

@@ -22,7 +22,6 @@ class Settings:
 
     def set_config_file_values(self, config):
         self.database_path: Path = Path(config.mft.database).expanduser().absolute()
-        self.cors_origins = config.mft.cors_origins
         self.host = config.server.host
         self.port = config.server.port