Fix staging preview CORS allowlist (SKY-12074) (#7212)

This commit is contained in:
Aaron Perez 2026-07-08 16:19:00 -05:00 committed by GitHub
parent 265679e9dd
commit ac01aca99c
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 20 additions and 2 deletions

View file

@ -212,6 +212,7 @@ class Settings(BaseSettings):
ENABLE_CODE_BLOCK_SELF_HEALING: bool = False
PORT: int = 8000
ALLOWED_ORIGINS: list[str] = ["*"]
ALLOWED_ORIGIN_REGEX: str | None = None
BLOCKED_HOSTS: list[str] = ["localhost"]
ALLOWED_HOSTS: list[str] = []

View file

@ -25,3 +25,11 @@ def credentialed_cors_allow_origins(allowed_origins: Sequence[str]) -> list[str]
)
return credentialed_origins
def credentialed_cors_allow_origin_regex(allowed_origin_regex: str | None) -> str | None:
if allowed_origin_regex is None:
return None
stripped_origin_regex = allowed_origin_regex.strip()
return stripped_origin_regex or None

View file

@ -26,7 +26,7 @@ from starlette_context.middleware import RawContextMiddleware
from starlette_context.plugins.base import Plugin
from skyvern.config import _ensure_sqlite_dir, settings
from skyvern.cors import credentialed_cors_allow_origins
from skyvern.cors import credentialed_cors_allow_origin_regex, credentialed_cors_allow_origins
from skyvern.exceptions import SkyvernHTTPException
from skyvern.forge import app as forge_app
from skyvern.forge.forge_app_initializer import start_forge_app
@ -64,6 +64,7 @@ def add_credentialed_cors_middleware(fastapi_app: FastAPI) -> None:
allow_credentials=True,
allow_methods=["*"],
allow_headers=["*"],
allow_origin_regex=credentialed_cors_allow_origin_regex(settings.ALLOWED_ORIGIN_REGEX),
)

View file

@ -1,4 +1,4 @@
from skyvern.cors import credentialed_cors_allow_origins
from skyvern.cors import credentialed_cors_allow_origin_regex, credentialed_cors_allow_origins
def test_credentialed_cors_allow_origins_drops_wildcards() -> None:
@ -10,3 +10,11 @@ def test_credentialed_cors_allow_origins_drops_wildcards() -> None:
"",
]
) == ["https://app.example.test"]
def test_credentialed_cors_allow_origin_regex_normalizes_blank_values() -> None:
assert credentialed_cors_allow_origin_regex(None) is None
assert credentialed_cors_allow_origin_regex(" ") is None
assert credentialed_cors_allow_origin_regex(r" \Ahttps://app\.example\.test\Z ") == (
r"\Ahttps://app\.example\.test\Z"
)