temp: allow all CORS origins for debugging LDAP login issue
Temporarily using allow_origins=['*'] to debug whether CORS is blocking LDAP login requests from VPN client. This is insecure for production. TODO: Fix subnet pattern matching in ALLOWED_ORIGINS configuration.
This commit is contained in:
@@ -121,11 +121,13 @@ def is_origin_allowed(origin: str) -> bool:
|
||||
return False
|
||||
|
||||
# Add CORS middleware FIRST (before rate limiter)
|
||||
# Note: Subnet validation happens during configuration (EXTRA_ALLOWED_ORIGINS)
|
||||
# The is_origin_allowed() function is available for route-level validation if needed
|
||||
# Temporary: Allow all origins to debug LDAP login issue
|
||||
# TODO: Fix subnet matching in ALLOWED_ORIGINS configuration
|
||||
# For now, using ["*"] to allow all origins during testing
|
||||
log.warning("⚠️ [CORS] Using allow_origins=['*'] - INSECURE FOR PRODUCTION!")
|
||||
app.add_middleware(
|
||||
CORSMiddleware,
|
||||
allow_origins=ALLOWED_ORIGINS,
|
||||
allow_origins=["*"], # Temporarily allow all origins for testing
|
||||
allow_credentials=True,
|
||||
allow_methods=["GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"],
|
||||
allow_headers=["*"],
|
||||
|
||||
Reference in New Issue
Block a user