Disable CORS in prod (or completely) #9

@AshkanArabim

server/src/server.py contains this snippet which enables CORS for all origins:

app.add_middleware(
    CORSMiddleware,
    allow_origins=["*"],
    allow_credentials=True,
    allow_methods=["*"],
    allow_headers=["*"],
)

This could be a security risk, and is not needed in prod since API calls are made to the same origin.

The development environment, however, will have to be modified for CORS to be completely removed since it directly exposes the backend service at port 5000 for the client to call.
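One way to implement what the issue asks for, as an added example that is not part of the original issue or the project's code: add no CORS middleware in production, and in development pin the allowed origins instead of using `*`. The `APP_ENV` and `CORS_DEV_ORIGINS` variable names, the `http://localhost:3000` client origin and the `configure_cors` helper are assumptions; the import assumes the app is FastAPI/Starlette, as the snippet's `add_middleware` call suggests.

```python
import os

# Assumed dev client origin; the issue only says the backend is exposed on port 5000.
DEV_DEFAULT_ORIGINS = "http://localhost:3000"


def cors_kwargs(environ=os.environ):
    """Return CORSMiddleware kwargs, or None when no CORS middleware should be added.

    APP_ENV and CORS_DEV_ORIGINS are hypothetical variable names.
    An unset APP_ENV is treated as production, so the safe path is the default.
    """
    if environ.get("APP_ENV", "production").lower() != "development":
        return None  # prod: API calls are same-origin, so emit no CORS headers

    raw = environ.get("CORS_DEV_ORIGINS", DEV_DEFAULT_ORIGINS)
    origins = [o.strip() for o in raw.split(",") if o.strip()]
    for origin in origins:
        # Refuse the wildcard outright: combined with allow_credentials=True it
        # is exactly the configuration the issue wants gone.
        if origin == "*" or not origin.startswith(("http://", "https://")):
            raise ValueError(f"CORS origin must be an explicit http(s) origin: {origin!r}")

    return {
        "allow_origins": origins,
        "allow_credentials": True,
        "allow_methods": ["*"],
        "allow_headers": ["*"],
    }


def configure_cors(app, environ=os.environ):
    """Attach CORSMiddleware to `app` only in development. Returns True if added."""
    kwargs = cors_kwargs(environ)
    if kwargs is None:
        return False
    # Imported lazily so production never loads the middleware at all.
    from starlette.middleware.cors import CORSMiddleware
    app.add_middleware(CORSMiddleware, **kwargs)
    return True
```

In `server.py`, `configure_cors(app)` would replace the unconditional `app.add_middleware(...)` call.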
