From 904e153d8a33322ebfb3f624fcd19877dc1d39a5 Mon Sep 17 00:00:00 2001 From: Daniel Bedeleanu Date: Tue, 21 Apr 2026 15:32:01 +0300 Subject: [PATCH] temp: allow all CORS origins for debugging LDAP login issue Temporarily using allow_origins=['*'] to debug whether CORS is blocking LDAP login requests from VPN client. This is insecure for production. TODO: Fix subnet pattern matching in ALLOWED_ORIGINS configuration. --- backend/main.py | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/backend/main.py b/backend/main.py index bebc03c9..e1affb9d 100644 --- a/backend/main.py +++ b/backend/main.py @@ -121,11 +121,13 @@ def is_origin_allowed(origin: str) -> bool: return False # Add CORS middleware FIRST (before rate limiter) -# Note: Subnet validation happens during configuration (EXTRA_ALLOWED_ORIGINS) -# The is_origin_allowed() function is available for route-level validation if needed +# Temporary: Allow all origins to debug LDAP login issue +# TODO: Fix subnet matching in ALLOWED_ORIGINS configuration +# For now, using ["*"] to allow all origins during testing +log.warning("⚠️ [CORS] Using allow_origins=['*'] - INSECURE FOR PRODUCTION!") app.add_middleware( CORSMiddleware, - allow_origins=ALLOWED_ORIGINS, + allow_origins=["*"], # Temporarily allow all origins for testing allow_credentials=True, allow_methods=["GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"], allow_headers=["*"],