You want your FastAPI backend to accept requests from two frontend domains: https://app1.example.com and https://app2.example.com. You also want to allow all HTTP methods and headers. Which CORS middleware setup is correct?
To allow two specific domains, use a list with both URLs as strings.
Step 2: Allow all methods and headers
Using ["*"] for allow_methods and allow_headers allows all HTTP methods and headers.
Step 3: Check for syntax correctness
app.add_middleware(CORSMiddleware, allow_origins=["https://app1.example.com", "https://app2.example.com"], allow_methods=["*"], allow_headers=["*"]) correctly uses a list for origins and lists with "*" for methods and headers.
Final Answer:
app.add_middleware(CORSMiddleware, allow_origins=["https://app1.example.com", "https://app2.example.com"], allow_methods=["*"], allow_headers=["*"]) -> Option A
Quick Check:
List origins + wildcard methods/headers [OK]
Quick Trick:Use list for origins and ["*"] to allow all methods/headers [OK]
Common Mistakes:
MISTAKES
Passing origins as a single comma string
Using allow_methods with limited verbs instead of wildcard
Setting allow_origins to ["*"] when only specific domains needed
Master "Middleware and Hooks" in FastAPI
9 interactive learning modes - each teaches the same concept differently
