From a8714ebf7e169f975f4c9df075ca54cb32872e95 Mon Sep 17 00:00:00 2001 From: omicron Date: Thu, 1 Jan 2026 02:47:24 +0100 Subject: [PATCH] Remove the CORS middleware The app and static files are served from a single domain, we don't use cross domain requests at all so removing it locks it down to the most restrictive state, which seems reasonable. It was initially added from an example without true understanding of the need. --- mft/app.py | 10 ---------- mft/config.py | 2 -- mft/settings.py | 1 - 3 files changed, 13 deletions(-) diff --git a/mft/app.py b/mft/app.py index c60ae0e..ffeca06 100644 --- a/mft/app.py +++ b/mft/app.py @@ -1,7 +1,6 @@ from pathlib import Path from fastapi import FastAPI -from fastapi.middleware.cors import CORSMiddleware from fastapi.staticfiles import StaticFiles from mft.settings import settings @@ -14,15 +13,6 @@ def create_app() -> FastAPI: description="A simple expense tracking application", ) - # Configure CORS - app.add_middleware( - CORSMiddleware, - allow_origins=settings.cors_origins, - allow_credentials=True, - allow_methods=["*"], - allow_headers=["*"], - ) - # Register routes from mft.routes import api_router diff --git a/mft/config.py b/mft/config.py index aec98f2..7633461 100644 --- a/mft/config.py +++ b/mft/config.py @@ -10,7 +10,6 @@ port = 8080 [mft] database = "~/.local/var/db/mft.db" -cors_origins = ["http://127.0.0.1:8080"] """ @@ -30,7 +29,6 @@ class MftConfig(BaseModel): model_config = ConfigDict(extra="forbid") database: str = "~/.local/var/db/mft.db" - cors_origins: list[str] = Field(default_factory=lambda: ["http://127.0.0.1:8080"]) class AppConfig(BaseModel): diff --git a/mft/settings.py b/mft/settings.py index 882c875..4f0a489 100644 --- a/mft/settings.py +++ b/mft/settings.py @@ -22,7 +22,6 @@ class Settings: def set_config_file_values(self, config): self.database_path: Path = Path(config.mft.database).expanduser().absolute() - self.cors_origins = config.mft.cors_origins self.host = config.server.host self.port = config.server.port