Revert "Middleware fix"

marcelomizuno · marcelomizuno · commit 0bd34d843ee9 · 2025-04-07T17:50:44.000-03:00
This reverts commit 80eb972.
diff --git a/backend/app/api/routes/utils.py b/backend/app/api/routes/utils.py
@@ -31,16 +31,16 @@ async def health_check() -> bool:
     return True
 
 
-@router.get("/cors-debug", tags=["utils"])
-def cors_debug():
+@router.get("/cors-debug", tags=["utils"], response_model=dict)
+def cors_debug() -> dict:
     """
-    Returns CORS configuration information for debugging.
+    Endpoint for debugging CORS settings
     """
     from app.core.config import settings
     
     return {
-        "cors_origins": [str(origin) for origin in settings.BACKEND_CORS_ORIGINS],
+        "cors_origins": settings.BACKEND_CORS_ORIGINS,
         "all_cors_origins": settings.all_cors_origins,
         "frontend_host": settings.FRONTEND_HOST,
-        "environment": settings.ENVIRONMENT
+        "environment": settings.ENVIRONMENT,
     }
diff --git a/backend/app/core/middleware.py b/backend/app/core/middleware.py
@@ -1,30 +1,73 @@
 import logging
-from typing import Callable, List
+from typing import Callable
 
-from fastapi import FastAPI
+from fastapi import FastAPI, Request, Response
+from starlette.middleware.base import BaseHTTPMiddleware
 from starlette.middleware.cors import CORSMiddleware
+from starlette.types import ASGIApp
 
 from app.core.config import settings
 
 logger = logging.getLogger(__name__)
 
+
+class CustomCORSMiddleware(BaseHTTPMiddleware):
+    def __init__(
+        self,
+        app: ASGIApp,
+    ) -> None:
+        super().__init__(app)
+        self.allowed_origins = settings.all_cors_origins
+        logger.info(f"Configured CORS origins: {self.allowed_origins}")
+    
+    async def dispatch(self, request: Request, call_next: Callable) -> Response:
+        origin = request.headers.get("origin", "")
+        logger.info(f"Request from origin: {origin}")
+        
+        # Handle preflight OPTIONS requests explicitly
+        if request.method == "OPTIONS":
+            response = Response(status_code=200)
+            self._set_cors_headers(response, origin)
+            return response
+            
+        # For all other requests, continue with normal processing
+        response = await call_next(request)
+        
+        # Add CORS headers to response
+        self._set_cors_headers(response, origin)
+        
+        return response
+    
+    def _set_cors_headers(self, response: Response, origin: str) -> None:
+        if not origin:
+            return
+            
+        # Force add origin if in production environment
+        if settings.ENVIRONMENT != "local" and origin:
+            response.headers["Access-Control-Allow-Origin"] = origin
+            response.headers["Access-Control-Allow-Credentials"] = "true"
+            response.headers["Access-Control-Allow-Methods"] = "GET, POST, PUT, DELETE, OPTIONS"
+            response.headers["Access-Control-Allow-Headers"] = "Authorization, Content-Type, Accept"
+            response.headers["Access-Control-Max-Age"] = "3600"
+            logger.info(f"Added CORS headers for origin: {origin}")
+        elif origin in self.allowed_origins:
+            response.headers["Access-Control-Allow-Origin"] = origin
+            response.headers["Access-Control-Allow-Credentials"] = "true"
+            response.headers["Access-Control-Allow-Methods"] = "GET, POST, PUT, DELETE, OPTIONS"
+            response.headers["Access-Control-Allow-Headers"] = "Authorization, Content-Type, Accept"
+            response.headers["Access-Control-Max-Age"] = "3600"
+            logger.info(f"Added CORS headers for origin: {origin}")
+        else:
+            logger.warning(f"Origin not allowed: {origin}")
+
+
 def setup_cors(app: FastAPI) -> None:
-    """
-    Configure CORS for the application - must be called before app startup.
-    """
-    origins = settings.all_cors_origins
+    """Configure CORS for the application."""
     
-    logger.info(f"Setting up CORS middleware with origins: {origins}")
+    # Remove any existing CORS middleware
+    app.middleware_stack = app.build_middleware_stack()
     
-    # Add CORS middleware
-    app.add_middleware(
-        CORSMiddleware,
-        allow_origins=origins or ["*"],
-        allow_credentials=True,
-        allow_methods=["*"],
-        allow_headers=["*"],
-        expose_headers=["Content-Disposition"],
-        max_age=3600,
-    )
+    # Add our custom CORS middleware
+    app.add_middleware(CustomCORSMiddleware)
     
-    logger.info("CORS middleware configured")
+    logger.info("Custom CORS middleware configured")
diff --git a/backend/app/main.py b/backend/app/main.py
@@ -32,10 +32,6 @@ async def lifespan(app: FastAPI):
     title=settings.PROJECT_NAME, openapi_url=f"{settings.API_V1_STR}/openapi.json", lifespan=lifespan
 )
 
-# Debug logging for CORS origins
-origins = settings.all_cors_origins
-logger.info(f"CORS origins: {origins}")
-
 # Use our custom CORS middleware instead of the default FastAPI one
 setup_cors(app)
 

Original file line number	Diff line number	Diff line change
`@@ -32,10 +32,6 @@ async def lifespan(app: FastAPI):`
`32`	`32`	`title=settings.PROJECT_NAME, openapi_url=f"{settings.API_V1_STR}/openapi.json", lifespan=lifespan`
`33`	`33`	`)`
`34`	`34`
`35`		`-# Debug logging for CORS origins`
`36`		`-origins = settings.all_cors_origins`
`37`		`-logger.info(f"CORS origins: {origins}")`
`38`		`-`
`39`	`35`	`# Use our custom CORS middleware instead of the default FastAPI one`
`40`	`36`	`setup_cors(app)`
`41`	`37`