跨域bug修复1

backend/middleware/auth_middleware.py

@@ -107,7 +107,18 @@ class AuthMiddleware(BaseHTTPMiddleware):
             logger.error(f"认证中间件异常: {e}", exc_info=True)
             return self._cors_response(request, 401, "认证服务异常，请稍后重试")
         
-        return await call_next(request)
+        try:
+            response = await call_next(request)
+            # 为所有响应确保CORS头存在（防止路由层异常导致CORS头丢失）
+            origin = request.headers.get("origin", "")
+            allowed_origins = settings.CORS_ORIGINS or []
+            if origin in allowed_origins and not response.headers.get("access-control-allow-origin"):
+                response.headers["access-control-allow-origin"] = origin
+                response.headers["access-control-allow-credentials"] = "true"
+            return response
+        except Exception as e:
+            logger.error(f"[Auth] call_next异常: {e}", exc_info=True)
+            return self._cors_response(request, 500, "服务器内部错误")
     
     def _cors_response(self, request: Request, status_code: int, message: str) -> JSONResponse:
         """创建带CORS头的响应"""