fix: delete origins

src/infrastructure/config/settings.py

@@ -57,6 +57,8 @@ class Settings(BaseSettings):
     CSRF_COOKIE_PATH: str = '/'
     CSRF_COOKIE_DOMAIN: str | None = None
 
+    AUTH_COOKIE_SECURE: bool = False
+
     DOCS_USERNAME: str = 'admin'
     DOCS_PASSWORD: str = 'admin'
 
@@ -81,9 +83,6 @@ class Settings(BaseSettings):
     RABBIT_CONNECT_TIMEOUT: int = 5
     RABBIT_EMAIL_CODE_QUEUE: str = 'email.verification_code'
 
-    CORS_ORIGINS: str = 'http://localhost:3000'
-    CORS_ALLOW_CREDENTIALS: bool = True
-
     RATE_LIMIT_REQUESTS: int = 60
     RATE_LIMIT_WINDOW: int = 60
 
@@ -245,10 +244,6 @@ class Settings(BaseSettings):
         return data
 
 
-    def cors_origins_list(self) -> List[str]:
-        return [o.strip() for o in self.CORS_ORIGINS.split(',') if o.strip()]
-
-
     @property
     def DATABASE_URL(self) -> str:
         return (

src/main.py

@@ -117,8 +117,8 @@ app.add_middleware(
 
 app.add_middleware(
     CORSMiddleware,
-    allow_origins=settings.cors_origins_list(),
+    allow_origin_regex=r'https?://.+',
-    allow_credentials=settings.CORS_ALLOW_CREDENTIALS,
+    allow_credentials=True,
     allow_methods=['*'],
     allow_headers=['*'],
 )

src/presentation/routing/auth.py

@@ -76,7 +76,7 @@ async def registration(
         key='device_id',
         value=device_id,
         httponly=True,
-        secure=True,
+        secure=settings.AUTH_COOKIE_SECURE,
         samesite='lax',
         path='/',
         max_age=60 * 60 * 24 * 365 * 5
@@ -86,7 +86,7 @@ async def registration(
         key='access_token',
         value=created.access_token,
         httponly=True,
-        secure=True,
+        secure=settings.AUTH_COOKIE_SECURE,
         samesite='lax',
         path='/',
         max_age=int(settings.JWT_ACCESS_TTL_SECONDS),
@@ -95,7 +95,7 @@ async def registration(
         key='refresh_token',
         value=created.refresh_token,
         httponly=True,
-        secure=True,
+        secure=settings.AUTH_COOKIE_SECURE,
         samesite='lax',
         path='/',
         max_age=int(settings.JWT_REFRESH_TTL_SECONDS),
@@ -167,7 +167,7 @@ async def login(
         key='device_id',
         value=device_id,
         httponly=True,
-        secure=True,
+        secure=settings.AUTH_COOKIE_SECURE,
         samesite='lax',
         path='/',
         max_age=60 * 60 * 24 * 365 * 5
@@ -177,7 +177,7 @@ async def login(
         key='access_token',
         value=dto.access_token,
         httponly=True,
-        secure=True,
+        secure=settings.AUTH_COOKIE_SECURE,
         samesite='lax',
         path='/',
         max_age=int(settings.JWT_ACCESS_TTL_SECONDS),
@@ -187,7 +187,7 @@ async def login(
         key='refresh_token',
         value=dto.refresh_token,
         httponly=True,
-        secure=True,
+        secure=settings.AUTH_COOKIE_SECURE,
         samesite='lax',
         path='/',
         max_age=int(settings.JWT_REFRESH_TTL_SECONDS),

src/presentation/routing/jwt.py

@@ -42,7 +42,7 @@ async def refresh_tokens(
         key='access_token',
         value=access,
         httponly=True,
-        secure=True,
+        secure=settings.AUTH_COOKIE_SECURE,
         samesite='lax',
         path='/',
         max_age=int(settings.JWT_ACCESS_TTL_SECONDS),
@@ -51,7 +51,7 @@ async def refresh_tokens(
         key='refresh_token',
         value=refresh,
         httponly=True,
-        secure=True,
+        secure=settings.AUTH_COOKIE_SECURE,
         samesite='lax',
         path='/',
         max_age=int(settings.JWT_REFRESH_TTL_SECONDS),