# Sample of insecure FastAPI settings; the author marks the CORS block as BAD.
# The notes below say why each setting is a review finding and what to use
# instead. The code itself is left behaving exactly as written.
from fastapi import FastAPI
from fastapi.middleware.cors import CORSMiddleware

# debug=True makes unhandled server errors return tracebacks to the client,
# which discloses source paths and internals. Keep it off outside local
# development.
app = FastAPI(debug=True)

# BAD: CORS with wildcard and credentials
# allow_origins=["*"] combined with allow_credentials=True is the risky pair:
# browsers reject a literal "*" on credentialed requests, and depending on the
# Starlette version the middleware may answer with the caller's own Origin
# instead (TODO confirm for the pinned version). The effect is that any site
# can make cookie-bearing cross-origin calls and read the responses.
# Safer: list the exact trusted origins, and only set allow_credentials=True
# if the API really relies on cookies or HTTP auth. Narrow allow_methods too.
app.add_middleware(
    CORSMiddleware,
    allow_origins=["*"],
    allow_credentials=True,
    allow_methods=["*"],
)

# Secret committed in source: anyone with repository or image access can read
# it, and it stays in version-control history after removal. Nothing visible
# here uses it. Load it from the environment or a secret manager, and rotate
# any value that has already been committed.
SECRET_KEY = "hardcoded-secret"


# Root route: returns a fixed JSON greeting and reads no request data.
@app.get("/")
def read_root():
    return {"Hello": "World"}