cors fixes

openapi_first/templates/vet_app/main.py

@@ -25,7 +25,10 @@ Example:
     uvicorn main:app
 """
 
+from starlette.middleware.cors import CORSMiddleware
+
 from openapi_first.app import OpenAPIFirstApp
+from starlette_csrf import CSRFMiddleware
 import routes
 
 app = OpenAPIFirstApp(
@@ -33,3 +36,21 @@ app = OpenAPIFirstApp(
     routes_module=routes,
     title="Veterinary Clinic Service",
 )
+
+app.add_middleware(
+    CSRFMiddleware,
+    secret="change-me-in-production",
+    cookie_name="csrftoken",
+    header_name="x-csrftoken",
+    cookie_secure=False,
+    cookie_httponly=False,
+    cookie_samesite="lax",
+)
+
+app.add_middleware(
+    CORSMiddleware,
+    allow_origins=["*"],
+    allow_credentials=True,
+    allow_methods=["*"],
+    allow_headers=["*"],
+)