From 827dfdcaf54757bb95b1db4f993bb1648982ef76 Mon Sep 17 00:00:00 2001
From: Paulo Reyes <aijin02@gmail.com>
Date: Tue, 10 Feb 2026 22:07:42 +0800
Subject: [PATCH] Fix: Removed redundant FastAPI CORS to prevent duplicate
 headers

---
 app/main.py | 14 ++------------
 1 file changed, 2 insertions(+), 12 deletions(-)

diff --git a/app/main.py b/app/main.py
index 8ce698e..5c0ec42 100644
--- a/app/main.py
+++ b/app/main.py
@@ -1,5 +1,5 @@
 from fastapi import FastAPI, Request
-from fastapi.middleware.cors import CORSMiddleware
+# from fastapi.middleware.cors import CORSMiddleware
 from slowapi import _rate_limit_exceeded_handler
 from slowapi.errors import RateLimitExceeded
 
@@ -40,17 +40,7 @@ def create_application() -> FastAPI:
         print(f"DEBUG: Status Code: {response.status_code}")
         return response
 
-    # Set up fully permissive CORS for maximum compatibility
-    application.add_middleware(
-        CORSMiddleware,
-        allow_origins=["*"],
-        allow_credentials=False,
-        allow_methods=["*"],
-        allow_headers=["*"],
-        expose_headers=["*"],
-    )
-    
-    # Set up Rate Limiter
+    # Set up Rate Limiter (CORS is handled by Caddy at the edge)
     application.state.limiter = limiter
     
     @application.exception_handler(RateLimitExceeded)