From ff698068033b47da0101fb16856ac8d6f8a582e9 Mon Sep 17 00:00:00 2001 From: Rene Luria Date: Mon, 29 Jun 2026 16:40:36 +0200 Subject: [PATCH] fix: Permissive CORS Configuration --- myice/webapi.py | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/myice/webapi.py b/myice/webapi.py index 3b05dd3..97706da 100644 --- a/myice/webapi.py +++ b/myice/webapi.py @@ -26,16 +26,19 @@ ALLOWED_USERS = ( else [] ) -origins = ["*"] - +origins = ( + os.environ.get("ALLOWED_ORIGINS", "").split(",") + if os.environ.get("ALLOWED_ORIGINS") + else [] +) app = FastAPI() app.add_middleware( CORSMiddleware, allow_origins=origins, allow_credentials=True, - allow_methods=["*"], - allow_headers=["*"], + allow_methods=["GET", "POST"], + allow_headers=["Authorization", "Content-Type"], ) block_endpoints = ["/health"]