Fix: Add ALLOWED_ORIGINS to settings with cors_origins property

2025-11-18 18:34:19 -03:00
parent 08fc88668d
commit e7a380f36e
3 changed files with 19 additions and 7 deletions
--- a/.env.production
+++ b/.env.production
@@ -10,8 +10,8 @@ SECRET_KEY=CAMBIAR-CLAVE-SECRETA-MINIMO-32-CARACTERES-SUPER-SEGURA
 OPENAI_API_KEY=tu-openai-api-key-aqui
 ENVIRONMENT=production

-# CORS - Separar múltiples dominios con comas
-ALLOWED_ORIGINS=http://checklist-rons-0e8a3a-63dbc4-72-61-106-199.traefik.me,http://checklist-rons-0e8a3a-63dbc4-72-61-106-199.traefik.me
+# CORS - URL del FRONTEND (de donde vienen las peticiones)
+ALLOWED_ORIGINS=http://checklist-frontend-n5eten-9cb24a-72-61-106-199.traefik.me

-# Frontend - URL del backend en Dockploy
-VITE_API_URL=http://checklist-rons-0e8a3a-63dbc4-72-61-106-199.traefik.me
+# Frontend - Vacío para usar URL relativa con proxy de Nginx
+VITE_API_URL=
--- a/backend/app/core/config.py
+++ b/backend/app/core/config.py
@@ -16,12 +16,21 @@ class Settings(BaseSettings):
    # Environment
    ENVIRONMENT: str = "development"
    
+    # CORS - Orígenes permitidos separados por coma
+    ALLOWED_ORIGINS: str = "http://localhost:3000,http://localhost:5173"
+    
    # Uploads
    UPLOAD_DIR: str = "uploads"
    MAX_FILE_SIZE: int = 10 * 1024 * 1024  # 10MB
    
+    @property
+    def cors_origins(self) -> list:
+        """Convierte el string de origins separado por comas en una lista"""
+        return [origin.strip() for origin in self.ALLOWED_ORIGINS.split(",") if origin.strip()]
+    
    class Config:
        env_file = ".env"
        case_sensitive = True
+        extra = "ignore"  # Permite variables extras sin error

 settings = Settings()
--- a/backend/app/main.py
+++ b/backend/app/main.py
@@ -9,6 +9,7 @@ from datetime import datetime, timedelta

 from app.core.database import engine, get_db, Base
 from app.core.security import verify_password, get_password_hash, create_access_token, decode_access_token
+from app.core.config import settings
 from app import models, schemas

 # Crear tablas
@@ -16,16 +17,18 @@ Base.metadata.create_all(bind=engine)

 app = FastAPI(title="Checklist Inteligente API", version="1.0.0")

-# CORS - Configuración dinámica para desarrollo y producción
-allowed_origins = os.getenv("ALLOWED_ORIGINS", "http://localhost:5173,http://localhost:3000").split(",")
+# CORS - Usar configuración de settings
 app.add_middleware(
    CORSMiddleware,
-    allow_origins=allowed_origins,
+    allow_origins=settings.cors_origins,
    allow_credentials=True,
    allow_methods=["*"],
    allow_headers=["*"],
 )

+# Log para debug
+print(f"🌐 CORS configured for origins: {settings.cors_origins}")
+
 security = HTTPBearer()

 # Dependency para obtener usuario actual