From fe9819de582569937dd8049626b9923bc82a898c Mon Sep 17 00:00:00 2001
From: oguz ozturk <oguzozturk@oguzs-MacBook-Pro.local>
Date: Sat, 10 Jan 2026 17:58:32 +0300
Subject: [PATCH] Fix CORS: Configure Flask-CORS properly to avoid duplicate
 headers

---
 backend/app/main.py | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/backend/app/main.py b/backend/app/main.py
index f7d1c12..88f9c44 100644
--- a/backend/app/main.py
+++ b/backend/app/main.py
@@ -23,7 +23,14 @@ if Config.ENCRYPTION_KEY:
     os.environ['ENCRYPTION_KEY'] = Config.ENCRYPTION_KEY
 
 # Extensions
-CORS(app)
+# CORS - Allow only from argeict.net
+CORS(app, resources={
+    r"/api/*": {
+        "origins": ["https://argeict.net"],
+        "methods": ["GET", "POST", "PUT", "DELETE", "OPTIONS"],
+        "allow_headers": ["Content-Type", "Authorization"]
+    }
+})
 db.init_app(app)
 migrate = Migrate(app, db)