open-notebook

mirror of https://github.com/lfnovo/open-notebook.git synced 2026-05-20 00:56:18 +00:00

History

Luis Novo ec41ef8f2f Some checks failed Development Build / extract-version (push) Has been cancelled Details Tests / Backend Tests (push) Has been cancelled Details Tests / Frontend Tests (push) Has been cancelled Details Development Build / build-regular (push) Has been cancelled Details Development Build / build-single (push) Has been cancelled Details Development Build / summary (push) Has been cancelled Details feat(api): add configurable CORS origins via CORS_ORIGINS (#767 ) Replace hardcoded `allow_origins=[""]` with a parsed `CORS_ORIGINS` environment variable (comma-separated). Default remains `` for backward compatibility — no existing deployment breaks — but the API now logs a startup warning prompting users to set it explicitly for production. Exception handlers now route their CORS headers through a shared `_cors_headers()` helper that mirrors Starlette's CORSMiddleware behavior: reflects the request Origin when allowed (handling the browser-rejected `*` + credentials combination correctly), and omits `Access-Control-Allow-Origin` for disallowed origins so error bodies don't leak cross-origin when `CORS_ORIGINS` is configured. Closes #585, #730. Based on the original work by Greg Grace in #597; rewritten on top of current main to address prior review feedback (load_dotenv kept at top, `import os` grouped with stdlib, `_cors_headers` defined before its exception-handler callers, origins parsed once at module load) and to choose a non-breaking default paired with a startup warning instead of a stricter-by-default origin. Co-authored-by: Greg Grace <ggrace@519lab.com>		2026-04-19 16:22:10 -03:00
..
routers	fix: narrow exception handling and support migrate_to for broken credentials	2026-04-14 10:34:32 -03:00
__init__.py	Api podcast migration (#93 )	2025-07-17 08:36:11 -03:00
auth.py	feat: credential-based API key management (#477 ) (#540 )	2026-02-10 08:30:22 -03:00
chat_service.py	Feat/localization tests docker (#371 )	2026-01-15 13:51:05 -03:00
CLAUDE.md	feat(podcasts): model registry integration, credential passthrough & new features (#632 )	2026-02-27 11:06:47 -03:00
client.py	Feat/localization tests docker (#371 )	2026-01-15 13:51:05 -03:00
command_service.py	Version 1 (#160 )	2025-10-18 12:46:22 -03:00
context_service.py	Feat/localization tests docker (#371 )	2026-01-15 13:51:05 -03:00
credentials_service.py	fix: handle credential decryption errors gracefully (#740 )	2026-04-12 21:22:37 -03:00
embedding_service.py	Feat/localization tests docker (#371 )	2026-01-15 13:51:05 -03:00
episode_profiles_service.py	Feat/localization tests docker (#371 )	2026-01-15 13:51:05 -03:00
insights_service.py	Feat/localization tests docker (#371 )	2026-01-15 13:51:05 -03:00
main.py	feat(api): add configurable CORS origins via CORS_ORIGINS (#767 )	2026-04-19 16:22:10 -03:00
models.py	fix: handle credential decryption errors gracefully (#740 )	2026-04-12 21:22:37 -03:00
models_service.py	Feat/localization tests docker (#371 )	2026-01-15 13:51:05 -03:00
notebook_service.py	Feat/localization tests docker (#371 )	2026-01-15 13:51:05 -03:00
notes_service.py	Feat/localization tests docker (#371 )	2026-01-15 13:51:05 -03:00
podcast_api_service.py	Version 1 (#160 )	2025-10-18 12:46:22 -03:00
podcast_service.py	refactor: reorganize folder structure for better maintainability	2026-01-03 14:04:27 -03:00
search_service.py	Feat/localization tests docker (#371 )	2026-01-15 13:51:05 -03:00
settings_service.py	Feat/localization tests docker (#371 )	2026-01-15 13:51:05 -03:00
sources_service.py	Feat/localization tests docker (#371 )	2026-01-15 13:51:05 -03:00
transformations_service.py	Feat/localization tests docker (#371 )	2026-01-15 13:51:05 -03:00