main: change 'allow_origins' from * to URLs

To send cross site requests from pulpito-ng with `withCredentials`, the server cannot have `*` as allowed origins. Signed-off-by: Vallari <[email protected]>
ceph · Aug 16, 2023 · 6d80019 · 6d80019
1 parent 52b682e
commit 6d80019
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/src/main.py b/src/main.py
@@ -10,6 +10,8 @@
 
 DEPLOYMENT = os.getenv("DEPLOYMENT")
 SESSION_SECRET_KEY = os.getenv("SESSION_SECRET_KEY")
+PULPITO_URL = os.getenv("PULPITO_URL")
+PADDLES_URL = os.getenv("PADDLES_URL")
 
 log = logging.getLogger(__name__)
 app = FastAPI()
@@ -26,7 +28,7 @@ def read_root(request: Request):
 if DEPLOYMENT == "development":
     app.add_middleware(
         CORSMiddleware,
-        allow_origins=["*"],
+        allow_origins=[PULPITO_URL, PADDLES_URL],
         allow_credentials=True,
         allow_methods=["*"],
         allow_headers=["*"],