From 9de998149202287fd5860c5f4c995ce94b262acd Mon Sep 17 00:00:00 2001 From: Luca Sacchi Ricciardi Date: Tue, 7 Apr 2026 23:35:56 +0200 Subject: [PATCH] fix: resolve CORS middleware error causing backend restart The issue was duplicate CORS middleware configuration: - CORS was configured in main.py (correctly) - CORS was also configured in security_headers.py (incorrectly) The security_headers.py version was trying to instantiate CORSMiddleware directly without the 'app' argument, causing: TypeError: CORSMiddleware.__init__() missing 1 required positional argument: 'app' Fixed by: 1. Removed CORS middleware from setup_security_middleware() 2. Updated config.py to include http://localhost:8888 in CORS origins 3. Kept CORS configuration only in main.py Backend now starts successfully and responds to health checks. --- src/core/config.py | 4 ++-- src/core/security_headers.py | 5 +---- 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/src/core/config.py b/src/core/config.py index 02fe9c6..58e8e9b 100644 --- a/src/core/config.py +++ b/src/core/config.py @@ -44,8 +44,8 @@ class Settings(BaseSettings): # Security bcrypt_rounds: int = 12 - cors_allowed_origins: List[str] = ["http://localhost:3000", "http://localhost:5173"] - cors_allowed_origins_production: List[str] = [] + cors_allowed_origins: List[str] = ["http://localhost:3000", "http://localhost:5173", "http://localhost:8888"] + cors_allowed_origins_production: List[str] = ["http://localhost:8888"] # Audit Logging audit_logging_enabled: bool = True diff --git a/src/core/security_headers.py b/src/core/security_headers.py index 145ee2d..cbec394 100644 --- a/src/core/security_headers.py +++ b/src/core/security_headers.py @@ -245,10 +245,7 @@ def setup_security_middleware(app): Args: app: FastAPI application instance """ - # Add CORS middleware - cors_middleware = CORSSecurityMiddleware.get_middleware() - app.add_middleware(type(cors_middleware), **cors_middleware.__dict__) - + # Note: CORS middleware is configured in main.py # Add security headers middleware app.add_middleware(SecurityHeadersMiddleware)