diff --git a/backend/main.py b/backend/main.py index 76da6214..bebc03c9 100644 --- a/backend/main.py +++ b/backend/main.py @@ -120,47 +120,11 @@ def is_origin_allowed(origin: str) -> bool: return False -# Custom CORS middleware class that supports subnets -from starlette.middleware.cors import CORSMiddleware as StarletteCORSMiddleware -from starlette.types import ASGIApp, Receive, Scope, Send, Message - -class SubnetAwareCORSMiddleware(StarletteCORSMiddleware): - def __init__(self, *args, **kwargs): - # Keep simple origins list for backward compatibility - super().__init__(*args, **kwargs) - - def allow_all_origins(self) -> bool: - return False - - def preflight_allowed_origin(self, origin: str) -> bool: - # Check using our custom function - return is_origin_allowed(origin) - - async def __call__(self, scope: Scope, receive: Receive, send: Send) -> None: - # Override to use our subnet-aware checking - if scope["type"] != "http": - await self.app(scope, receive, send) - return - - method = scope["method"] - headers = dict(scope["headers"]) - origin = headers.get(b"origin", b"").decode() - - if self.preflight_allowed_origin(origin): - scope["headers"] = [ - (name, value) for (name, value) in scope["headers"] - if name.lower() != b"origin" - ] - scope["headers"] += [ - (b"origin", origin.encode()), - ] - - await super().__call__(scope, receive, send) - # Add CORS middleware FIRST (before rate limiter) -# Use custom middleware that supports subnet validation +# Note: Subnet validation happens during configuration (EXTRA_ALLOWED_ORIGINS) +# The is_origin_allowed() function is available for route-level validation if needed app.add_middleware( - SubnetAwareCORSMiddleware if ALLOWED_SUBNETS else CORSMiddleware, + CORSMiddleware, allow_origins=ALLOWED_ORIGINS, allow_credentials=True, allow_methods=["GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"], diff --git a/frontend/next.config.mjs b/frontend/next.config.mjs index 5d746c40..49c137c2 100644 --- a/frontend/next.config.mjs +++ b/frontend/next.config.mjs @@ -14,6 +14,7 @@ const nextConfig = { "localhost", "127.0.0.1", "*.local", + "100.78.182.*", // VPN/Tailscale subnet (100.78.182.0/24) ], };