Add CORS middleware for STT web services

[suvanbanerjee]

Summary by CodeRabbit

• New Features
  • Enabled CORS (Cross-Origin Resource Sharing) support for cross-origin requests
  • Added configurable environment variable for managing allowed origins

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

The pull request adds CORS (Cross-Origin Resource Sharing) support to a FastAPI HTTP server application. A new environment variable CORS_ORIGINS is defined in the example configuration file, and the corresponding middleware is implemented in the application initialization to enable cross-origin requests based on this configuration.

Changes

Cohort / File(s)	Summary
CORS Configuration \.env\.example	Added CORS_ORIGINS environment variable with example value https://example.com,http://localhost:3000
CORS Middleware Implementation ovos_stt_http_server/__init__.py	Introduced os import and CORSMiddleware from fastapi.middleware.cors; configured middleware to read CORS_ORIGINS from environment variable and apply it to FastAPI app with credentials, methods, and headers enabled

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

• Straightforward CORS configuration following standard FastAPI patterns
• No complex logic or conditional flows
• Single-location middleware initialization
• Environment variable reading is straightforward

Poem

🐰 A hop through CORS today,
Origins configured in just the right way,
Cross-domain requests now flow free,
Through the FastAPI—with credentials, you see!
Simple, secure, and safe to deploy. ✨

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately reflects the main change: adding CORS middleware to the FastAPI application for the STT HTTP server.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

ovos_stt_http_server/__init__.py (1)

13-18: CORS middleware wiring looks good; consider handling blank CORS_ORIGINS explicitly

Using CORS_ORIGINS from the environment, splitting on commas, and wiring CORSMiddleware with allow_origins, credentials, methods, and headers is a solid approach and addresses the earlier request to make this configurable via env vars.

One small edge case: if CORS_ORIGINS is set but left empty (CORS_ORIGINS=""), cors_origins becomes "" and origins becomes [""], which effectively disables CORS in a somewhat surprising way. You might optionally special-case this and treat an empty string as either:

• “no CORS” (e.g., origins = []), or
• “same as default” (e.g., fall back to "*"),

depending on your intended semantics for “empty but defined”.

Also applies to: 110-118

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1c0c493 and 3acfea9.

📒 Files selected for processing (2)

• .env.example (1 hunks)
• ovos_stt_http_server/__init__.py (2 hunks)

🔇 Additional comments (1)

.env.example (1)

1-1: CORS_ORIGINS example aligns with implementation

The variable name and comma-separated format match the parsing logic in create_app, so this example should work as-is for typical single- and multi-origin setups.