Summary
The server needs CORS middleware to allow cross-origin requests from frontend applications. This must be configurable since OSA will be deployed in many contexts:
- Local development (localhost:3000, localhost:8080)
- OSA Cloud hosted instances
- Self-hosted institutional deployments
Requirements
- Add CORS configuration to
osa.yaml / settings
- Support configurable
allow_origins (list of allowed origins or *)
- Support configurable
allow_credentials, allow_methods, allow_headers
- Sensible defaults for development vs production
Example Config
server:
cors:
allow_origins:
- "https://app.example.com"
allow_credentials: true
allow_methods: ["*"]
allow_headers: ["*"]Context
Currently, cross-origin requests (e.g., logout POST from frontend) fail with 405 on OPTIONS preflight because no CORS middleware is configured.
Summary
The server needs CORS middleware to allow cross-origin requests from frontend applications. This must be configurable since OSA will be deployed in many contexts:
Requirements
osa.yaml/ settingsallow_origins(list of allowed origins or*)allow_credentials,allow_methods,allow_headersExample Config
Context
Currently, cross-origin requests (e.g., logout POST from frontend) fail with 405 on OPTIONS preflight because no CORS middleware is configured.