Fix: Add ALLOWED_ORIGINS to settings with cors_origins property

backend/app/core/config.py

@@ -16,12 +16,21 @@ class Settings(BaseSettings):
     # Environment
     ENVIRONMENT: str = "development"
     
+    # CORS - Orígenes permitidos separados por coma
+    ALLOWED_ORIGINS: str = "http://localhost:3000,http://localhost:5173"
+    
     # Uploads
     UPLOAD_DIR: str = "uploads"
     MAX_FILE_SIZE: int = 10 * 1024 * 1024  # 10MB
     
+    @property
+    def cors_origins(self) -> list:
+        """Convierte el string de origins separado por comas en una lista"""
+        return [origin.strip() for origin in self.ALLOWED_ORIGINS.split(",") if origin.strip()]
+    
     class Config:
         env_file = ".env"
         case_sensitive = True
+        extra = "ignore"  # Permite variables extras sin error
 
 settings = Settings()

backend/app/main.py

@@ -9,6 +9,7 @@ from datetime import datetime, timedelta
 
 from app.core.database import engine, get_db, Base
 from app.core.security import verify_password, get_password_hash, create_access_token, decode_access_token
+from app.core.config import settings
 from app import models, schemas
 
 # Crear tablas
@@ -16,16 +17,18 @@ Base.metadata.create_all(bind=engine)
 
 app = FastAPI(title="Checklist Inteligente API", version="1.0.0")
 
-# CORS - Configuración dinámica para desarrollo y producción
-allowed_origins = os.getenv("ALLOWED_ORIGINS", "http://localhost:5173,http://localhost:3000").split(",")
+# CORS - Usar configuración de settings
 app.add_middleware(
     CORSMiddleware,
-    allow_origins=allowed_origins,
+    allow_origins=settings.cors_origins,
     allow_credentials=True,
     allow_methods=["*"],
     allow_headers=["*"],
 )
 
+# Log para debug
+print(f"🌐 CORS configured for origins: {settings.cors_origins}")
+
 security = HTTPBearer()
 
 # Dependency para obtener usuario actual