fix backend but vnc url is still broken

backend/agent/api.py

@@ -285,8 +285,8 @@ async def start_agent(thread_id: str, user_id: str = Depends(get_current_user_id
             'sandbox': {
                 'id': sandbox_id,
                 'pass': sandbox_pass,
-                'vnc_preview': sandbox.get_preview_link(6080),
+                'vnc_preview': str(sandbox.get_preview_link(6080)),
-                'sandbox_url': sandbox.get_preview_link(8080)
+                'sandbox_url': str(sandbox.get_preview_link(8080))
             }
         }).eq('project_id', project_id).execute()
     

backend/api.py

@@ -56,10 +56,10 @@ app = FastAPI(lifespan=lifespan)
 
 app.add_middleware(
     CORSMiddleware,
-    allow_origins=["*"],
+    allow_origins=["https://www.suna.so", "https://suna.so", "http://localhost:3000"],
     allow_credentials=True,
-    allow_methods=["*"],
+    allow_methods=["GET", "POST", "PUT", "DELETE", "OPTIONS"],
-    allow_headers=["*"],
+    allow_headers=["Content-Type", "Authorization"],
 )
 
 # Include the agent router with a prefix

frontend/src/lib/api.ts

@@ -454,6 +454,7 @@ export const startAgent = async (threadId: string): Promise<{ agent_run_id: stri
         'Content-Type': 'application/json',
         'Authorization': `Bearer ${session.access_token}`,
       },
+      credentials: 'include',
     });
     
     if (!response.ok) {
@@ -519,6 +520,7 @@ export const getAgentStatus = async (agentRunId: string): Promise<AgentRun> => {
       headers: {
         'Authorization': `Bearer ${session.access_token}`,
       },
+      credentials: 'include',
     });
     
     if (!response.ok) {
@@ -562,6 +564,7 @@ export const getAgentRuns = async (threadId: string): Promise<AgentRun[]> => {
       headers: {
         'Authorization': `Bearer ${session.access_token}`,
       },
+      credentials: 'include',
     });
     
     if (!response.ok) {