WIP: Working on player

api/src/rehearsalhub/main.py

@@ -52,9 +52,24 @@ def create_app() -> FastAPI:
     app.state.limiter = limiter
     app.add_exception_handler(RateLimitExceeded, _rate_limit_exceeded_handler)
 
+    # Get allowed origins from environment or use defaults
+    allowed_origins = [f"https://{settings.domain}", "http://localhost:3000"]
+    
+    # Add specific domain for production
+    if settings.domain != "localhost":
+        allowed_origins.extend([
+            f"https://{settings.domain}",
+            f"http://{settings.domain}",
+        ])
+    
+    # Add additional CORS origins from environment variable
+    if settings.cors_origins:
+        additional_origins = [origin.strip() for origin in settings.cors_origins.split(",")]
+        allowed_origins.extend(additional_origins)
+    
     app.add_middleware(
         CORSMiddleware,
-        allow_origins=[f"https://{settings.domain}", "http://localhost:3000"],
+        allow_origins=allowed_origins,
         allow_credentials=True,
         allow_methods=["GET", "POST", "PUT", "PATCH", "DELETE"],
         allow_headers=["Authorization", "Content-Type", "Accept"],