Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Pull Request Overview
This PR implements environment-based CORS configuration and adds a health check endpoint to differentiate between production and development environments. The changes enhance security by restricting allowed origins in production while maintaining development flexibility.
Key changes:
- Adds environment-aware CORS configuration that uses strict origin whitelisting in production and localhost origins in development
- Introduces a health check endpoint that reports the application's CORS mode
- Configures the ENVIRONMENT=production variable in the Cloud Run deployment workflow
Reviewed Changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| backend/main.py | Implements environment detection logic, configures CORS middleware with environment-specific allowed origins, and adds health check endpoint |
| .github/workflows/google-cloudrun-docker.yml | Sets ENVIRONMENT variable to production for Cloud Run deployment |
| allowed_origins = [ | ||
| "https://querypal.virtonomy.io", # Production frontend | ||
| "https://querypal-frontend-zynyyoxona-ew.a.run.app", # Cloud Run frontend URL (pattern) | ||
| # Add your actual Cloud Run frontend URL when you know it | ||
| ] |
The Cloud Run URL appears to be a placeholder pattern rather than an actual frontend URL. Consider using an environment variable for the frontend URL instead of hardcoding it, or remove this entry if it's not yet deployed.
| allowed_origins = [ | |
| "https://querypal.virtonomy.io", # Production frontend | |
| "https://querypal-frontend-zynyyoxona-ew.a.run.app", # Cloud Run frontend URL (pattern) | |
| # Add your actual Cloud Run frontend URL when you know it | |
| ] | |
| # Set allowed origins from FRONTEND_URLS env var (comma-separated), or default to production frontend | |
| frontend_urls = os.getenv("FRONTEND_URLS") | |
| if frontend_urls: | |
| allowed_origins = [url.strip() for url in frontend_urls.split(",") if url.strip()] | |
| else: | |
| allowed_origins = [ | |
| "https://querypal.virtonomy.io", # Production frontend | |
| ] |
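Review bot: The comprehension over frontend_urls.split(",") accepts every non-empty entry as an origin without checking it, so a FRONTEND_URLS value containing "*", or an entry with a trailing slash or a path, goes straight into allowed_origins. Validate each entry as an https scheme-plus-host origin and fail startup on anything else. Also note that a value made only of commas or whitespace is truthy, so the if branch runs and allowed_origins ends up empty instead of falling back to the production default; handle that case or document it.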
| print(f"🔧 CORS Configuration - Production mode: {is_production}") | ||
| print(f"🌐 Allowed origins: {allowed_origins}") |
Use proper logging instead of print statements for production code. Consider using Python's logging module (e.g., logging.info()) which provides better control over log levels and output formats.
🎉 This PR is included in version 2.4.0 🎉
The release is available on GitHub release
Your semantic-release bot 📦🚀
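One way to build the environment-aware allow-list discussed in this PR while validating each FRONTEND_URLS entry, as an added example that is not code from the PR or the repository. The dev origins, the helper names `normalize_origin` and `resolve_allowed_origins`, and the exact ENVIRONMENT check are assumptions.

```python
import os
from urllib.parse import urlsplit

# Production default is the origin shown in the PR; the dev ports are assumed.
DEFAULT_PROD_ORIGINS = ["https://querypal.virtonomy.io"]
DEV_ORIGINS = ["http://localhost:3000", "http://127.0.0.1:3000"]
DEFAULT_PORTS = {"http": 80, "https": 443}


def normalize_origin(value, allowed_schemes=("https",)):
    """Return the canonical scheme://host[:port] form, or raise ValueError."""
    parts = urlsplit(value.strip())
    if parts.scheme not in allowed_schemes:
        raise ValueError(f"origin must use one of {allowed_schemes}: {value!r}")
    host = parts.hostname or ""
    if not host or "*" in host or "@" in parts.netloc:
        raise ValueError(f"origin needs a literal host, no wildcard or userinfo: {value!r}")
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        raise ValueError(f"origin must not carry a path, query or fragment: {value!r}")
    if ":" in host:  # IPv6 literal: urlsplit strips the brackets
        host = f"[{host}]"
    port = parts.port  # raises ValueError on a non-numeric or out-of-range port
    suffix = "" if port in (None, DEFAULT_PORTS.get(parts.scheme)) else f":{port}"
    return f"{parts.scheme}://{host}{suffix}"


def resolve_allowed_origins(env=os.environ):
    """Pick the CORS allow-list from ENVIRONMENT and FRONTEND_URLS."""
    # Assumption: production is signalled by ENVIRONMENT=production, as in the workflow.
    if env.get("ENVIRONMENT", "").strip().lower() != "production":
        return list(DEV_ORIGINS)
    entries = [e for e in env.get("FRONTEND_URLS", "").split(",") if e.strip()]
    if not entries:  # unset, or only commas/whitespace: fall back to the default
        return list(DEFAULT_PROD_ORIGINS)
    origins = []
    for entry in entries:
        origin = normalize_origin(entry)  # a bad entry aborts startup (fail closed)
        if origin not in origins:
            origins.append(origin)
    return origins


if __name__ == "__main__":
    # Constructed sample environment, not taken from the PR.
    sample = {"ENVIRONMENT": "production",
              "FRONTEND_URLS": "https://querypal.virtonomy.io/, https://QueryPal.virtonomy.io:443"}
    print(resolve_allowed_origins(sample))
```

The returned list is what would be passed as the middleware's allowed origins; because browsers send the Origin header without a trailing slash or default port, normalizing here avoids entries that can never match.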