vrr/eigent
2
0
Fork 0
mirror of https://github.com/eigent-ai/eigent.git synced 2026-05-23 04:17:45 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
eigent/server/app/shared/middleware/cors.py
Tong Chen 712f20a8fa
Some checks are pending
Pre-commit / pre-commit (push) Waiting to run
Details
CodeQL Advanced / Analyze (actions) (push) Waiting to run
Details
CodeQL Advanced / Analyze (javascript-typescript) (push) Waiting to run
Details
CodeQL Advanced / Analyze (python) (push) Waiting to run
Details
Test / Run Python Tests (push) Waiting to run
Details
Feat: Server refactor v1 (#1509)
2026-03-24 18:05:52 +08:00

52 lines
2 KiB
Python
Raw Permalink Blame History

# ========= Copyright 2025-2026 @ Eigent.ai All Rights Reserved. =========
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# ========= Copyright 2025-2026 @ Eigent.ai All Rights Reserved. =========
"""
CORS middleware with configurable origins from env.
Reads CORS_ALLOW_ORIGINS from environment. Comma-separated list.
Defaults to ["*"] for development when not set.
When origins is ["*"], allow_credentials is False (CORS spec forbids * + credentials).
P2: Production warning when CORS_ALLOW_ORIGINS not set.
"""
import os
from loguru import logger
def get_cors_middleware():
"""
Return kwargs for CORSMiddleware. Use: add_middleware(CORSMiddleware, **get_cors_middleware())
Env: CORS_ALLOW_ORIGINS (comma-separated, e.g. "https://app.example.com,https://admin.example.com")
Default: ["*"] when not set (development). Production should set explicit origins.
"""
raw = os.getenv("CORS_ALLOW_ORIGINS", "").strip()
if raw:
origins = [o.strip() for o in raw.split(",") if o.strip()]
else:
origins = ["*"]
from app.core.environment import env
if env("debug", "") != "on":
logger.warning('CORS_ALLOW_ORIGINS not set, using ["*"]. Production should set explicit origins.')
# CORS spec: Access-Control-Allow-Origin: * cannot be used with credentials
allow_credentials = origins != ["*"]
return {
"allow_origins": origins,
"allow_credentials": allow_credentials,
"allow_methods": ["*"],
"allow_headers": ["*"],
}
Reference in a new issue View git blame Copy permalink