temp: allow all CORS origins for debugging LDAP login issue

Temporarily using allow_origins=['*'] to debug whether CORS is blocking
LDAP login requests from VPN client. This is insecure for production.
TODO: Fix subnet pattern matching in ALLOWED_ORIGINS configuration.
This commit is contained in:
2026-04-21 15:32:01 +03:00
parent fcff97bae2
commit 904e153d8a

View File

@@ -121,11 +121,13 @@ def is_origin_allowed(origin: str) -> bool:
return False
# Add CORS middleware FIRST (before rate limiter)
# Note: Subnet validation happens during configuration (EXTRA_ALLOWED_ORIGINS)
# The is_origin_allowed() function is available for route-level validation if needed
# Temporary: Allow all origins to debug LDAP login issue
# TODO: Fix subnet matching in ALLOWED_ORIGINS configuration
# For now, using ["*"] to allow all origins during testing
log.warning("⚠️ [CORS] Using allow_origins=['*'] - INSECURE FOR PRODUCTION!")
app.add_middleware(
CORSMiddleware,
allow_origins=ALLOWED_ORIGINS,
allow_origins=["*"], # Temporarily allow all origins for testing
allow_credentials=True,
allow_methods=["GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"],
allow_headers=["*"],