fix: enable CORS for configured frontend origins

app/main.py

@@ -1,11 +1,22 @@
 from fastapi import FastAPI
+from fastapi.middleware.cors import CORSMiddleware
 
 from app.api.admin import router as admin_router
 from app.api.internal import router as internal_router
 from app.api.me import router as me_router
+from app.core.config import get_settings
 
 app = FastAPI(title="memberapi.ose.tw", version="0.1.0")
 
+settings = get_settings()
+app.add_middleware(
+    CORSMiddleware,
+    allow_origins=settings.public_frontend_origins,
+    allow_credentials=True,
+    allow_methods=["*"],
+    allow_headers=["*"],
+)
+
 
 @app.get("/healthz", tags=["health"])
 def healthz() -> dict[str, str]: