From 6474a3d11e1c80b408f3f9cd8c247e9ddf9657d7 Mon Sep 17 00:00:00 2001
From: MingxuanGame <MingxuanGame@outlook.com>
Date: Tue, 12 Aug 2025 05:33:24 +0000
Subject: [PATCH] feat(server): add extra CORS origins url configuration

---
 .env.example  | 2 ++
 README.md     | 1 +
 app/config.py | 1 +
 main.py       | 2 +-
 4 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/.env.example b/.env.example
index 94dd4a7..f73f754 100644
--- a/.env.example
+++ b/.env.example
@@ -20,6 +20,8 @@ HOST="0.0.0.0"
 PORT=8000
 # 服务器 URL
 SERVER_URL="http://localhost:8000"
+# 额外的 CORS 允许的域名列表
+CORS_URLS='[]'
 # 调试模式，生产环境请设置为 false
 DEBUG=false
 # 私有 API 密钥，用于前后端 API 调用，使用 openssl rand -hex 32 生成
diff --git a/README.md b/README.md
index 8a8c5dc..9293b97 100644
--- a/README.md
+++ b/README.md
@@ -69,6 +69,7 @@ docker-compose -f docker-compose-osurx.yml up -d
 | `PORT` | 服务器监听端口 | `8000` |
 | `DEBUG` | 调试模式 | `false` |
 | `SERVER_URL` | 服务器 URL | `http://localhost:8000` |
+| `CORS_URLS` | 额外的 CORS 允许的域名列表 (JSON 格式) | `[]` |
 | `PRIVATE_API_SECRET` | 私有 API 密钥，用于前后端 API 调用 | `your_private_api_secret_here` |
 
 ### OAuth 设置
diff --git a/app/config.py b/app/config.py
index 54486d7..ff1bec8 100644
--- a/app/config.py
+++ b/app/config.py
@@ -65,6 +65,7 @@ class Settings(BaseSettings):
     port: int = 8000
     debug: bool = False
     private_api_secret: str = "your_private_api_secret_here"
+    cors_urls: list[HttpUrl] = []
     server_url: HttpUrl = HttpUrl("http://localhost:8000")
 
     # SignalR 设置
diff --git a/main.py b/main.py
index 8d14f94..5d816f7 100644
--- a/main.py
+++ b/main.py
@@ -48,7 +48,7 @@ app.include_router(private_router)
 # CORS 配置
 app.add_middleware(
     CORSMiddleware,
-    allow_origins=[str(settings.server_url)],
+    allow_origins=[str(url) for url in [*settings.cors_urls, settings.server_url]],
     allow_credentials=True,
     allow_methods=["*"],
     allow_headers=["*"],