from fastapi import FastAPI, Request, Response, HTTPException, Cookie
from fastapi.responses import JSONResponse
from fastapi.middleware.cors import CORSMiddleware
from typing import Optional

app = FastAPI()

# CORS policy for the browser front end. With allow_credentials=True the
# browser attaches cookies to cross-origin calls from the listed origin, so
# any script running on that origin can make authenticated requests and read
# the responses. Keep allow_origins an explicit list.
app.add_middleware(
    CORSMiddleware,
    allow_origins=["https://ancient-time-545042.framer.app"],
    allow_credentials=True,
    allow_methods=["GET", "POST", "OPTIONS"],
    # Request headers the browser may send on cross-origin calls.
    # NOTE(review): the three Access-Control-* names below are CORS *response*
    # headers; a client does not normally send them. Confirm the front end
    # does not set them on requests, then drop them from this list.
    allow_headers=[
        "Content-Type", 
        "Authorization",
        "Access-Control-Allow-Credentials",
        "Access-Control-Allow-Origin",
        "Access-Control-Allow-Headers",
    ],
    # NOTE(review): Set-Cookie is a forbidden response header name, so browsers
    # never expose it to page script whatever is listed here. This entry has no
    # effect; the cookie is still stored by the browser itself.
    expose_headers=["Set-Cookie"]
)

@app.get("/")
def greet_json(request: Request):
    """Return a greeting together with the cookies received on this request.

    NOTE(review): the body echoes every cookie value, including the HttpOnly
    session cookie set by /auth. Because CORS allows credentialed reads from
    the front-end origin, page script there can read the cookie value from
    this response, which cancels the protection HttpOnly is meant to give.
    Treat this as a debugging aid and remove or restrict it before real
    session tokens are issued.
    """
    payload = {"Hello": "World!", "cookies": request.cookies}
    return JSONResponse(content=payload)

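@app.post("/auth")
async def auth(request: Request):
    """Check the posted credentials and, on success, set the session cookie.

    Expects a JSON object with string ``username`` and ``password`` fields.

    Raises:
        HTTPException: 400 when the body is not valid JSON; 401 when the body
            is not a JSON object, a field is missing or not a string, or the
            credentials do not match.
    """
    import secrets  # function scope: only compare_digest is needed here

    try:
        data = await request.json()
    except ValueError:
        # Malformed JSON previously surfaced as an unhandled 500.
        raise HTTPException(status_code=400, detail="Invalid JSON body") from None

    # A JSON array, string or number has no .get(); treat it as a failed login
    # instead of letting AttributeError become a 500.
    if not isinstance(data, dict):
        raise HTTPException(status_code=401, detail="Invalid credentials")

    username = data.get("username")
    password = data.get("password")
    if not (isinstance(username, str) and isinstance(password, str)):
        raise HTTPException(status_code=401, detail="Invalid credentials")

    # NOTE(review): these are hard-coded placeholder credentials. A real
    # deployment should verify against a salted password hash loaded from
    # configuration or a user store, and rate-limit this route.
    # Both comparisons always run and use compare_digest, so the check does not
    # stop at the first mismatching character. "surrogatepass" keeps lone
    # surrogates from JSON escapes from raising during encoding.
    user_ok = secrets.compare_digest(
        username.encode("utf-8", "surrogatepass"), b"admin"
    )
    pass_ok = secrets.compare_digest(
        password.encode("utf-8", "surrogatepass"), b"password"
    )
    if not (user_ok and pass_ok):
        raise HTTPException(status_code=401, detail="Invalid credentials")

    response = JSONResponse(
        content={"message": "Authentication successful"},
        status_code=200
    )

    # NOTE(review): the cookie value is a fixed string, so every login gets the
    # same token and anyone who knows it passes /protected without logging in.
    # Issue a per-login random token (e.g. secrets.token_urlsafe) and validate
    # it against server-side session state. The value is left unchanged here
    # because /protected compares against this exact string.
    response.set_cookie(
        key="comfy_session",
        value="dummy_session_value",
        httponly=True,
        secure=True,
        # SameSite=None is needed for the cookie to be sent on cross-site
        # requests from the front end. It also removes the browser's built-in
        # CSRF protection, so state-changing routes need their own defence.
        samesite="none",
        # No Domain attribute: the cookie is host-only for this API's host.
        max_age=1800,  # 30 minutes
        path="/"
    )

    return response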

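@app.get("/protected")
def protected_route(comfy_session: Optional[str] = Cookie(None)):
    """Allow access only when the ``comfy_session`` cookie holds the session value.

    Raises:
        HTTPException: 401 when the cookie is missing or does not match.
    """
    import secrets  # function scope: only compare_digest is needed here

    # NOTE(review): the expected value is a constant shared by every client,
    # so this proves knowledge of a fixed string rather than a live session.
    # Look the token up in server-side session state once /auth issues
    # per-login random tokens.
    presented = (comfy_session or "").encode("utf-8", "surrogatepass")
    # compare_digest avoids leaking how many leading characters matched.
    if not secrets.compare_digest(presented, b"dummy_session_value"):
        raise HTTPException(status_code=401, detail="Unauthorized")
    return {"message": "Access granted to protected route"}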