Skip to content

Commit 80df46c

Browse files
Herklosclaude
andcommitted
[Node] allow *.octobot.cloud origins in CORS + BACKEND_CORS_ORIGIN_REGEX env var
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
1 parent 76bb311 commit 80df46c

3 files changed

Lines changed: 9 additions & 1 deletion

File tree

packages/services/octobot_services/constants.py

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -61,6 +61,7 @@
6161
ENV_WEB_ADDRESS = "WEB_ADDRESS"
6262
ENV_CORS_ALLOWED_ORIGINS = "CORS_ALLOWED_ORIGINS"
6363
ENV_BACKEND_CORS_ALLOWED_ORIGINS = "BACKEND_CORS_ALLOWED_ORIGINS"
64+
ENV_BACKEND_CORS_ORIGIN_REGEX = "BACKEND_CORS_ORIGIN_REGEX"
6465
ENV_AUTO_OPEN_IN_WEB_BROWSER = "AUTO_OPEN_IN_WEB_BROWSER"
6566
DEFAULT_SERVER_IP = '0.0.0.0'
6667
DEFAULT_SERVER_PORT = 5001

packages/tentacles/Services/Interfaces/node_api_interface/node_api.py

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -44,6 +44,8 @@
4444
build_api_router = _api_main.build_api_router
4545

4646
LOCALHOST_ORIGIN_REGEX = r"^https?://(localhost|127\.0\.0\.1)(:\d+)?$"
47+
OCTOBOT_CLOUD_ORIGIN_REGEX = r"^https://([a-z0-9-]+\.)*octobot\.cloud$"
48+
ALLOWED_ORIGIN_REGEX = f"({LOCALHOST_ORIGIN_REGEX}|{OCTOBOT_CLOUD_ORIGIN_REGEX})"
4749

4850

4951
def custom_generate_unique_id(route: APIRoute) -> str:
@@ -96,10 +98,12 @@ async def _async_run(self) -> bool:
9698
# Set CORS from service config
9799
cors_origins_str = self.node_api_service.get_backend_cors_origins()
98100
cors_origins = [i.strip() for i in cors_origins_str.split(",") if i.strip()] if cors_origins_str else []
101+
extra_regex = self.node_api_service.get_backend_cors_origin_regex()
102+
origin_regex = f"({ALLOWED_ORIGIN_REGEX}|{extra_regex})" if extra_regex else ALLOWED_ORIGIN_REGEX
99103
self.app.add_middleware(
100104
CORSMiddleware,
101105
allow_origins=cors_origins,
102-
allow_origin_regex=LOCALHOST_ORIGIN_REGEX,
106+
allow_origin_regex=origin_regex,
103107
allow_credentials=True,
104108
allow_methods=["*"],
105109
allow_headers=["*"],

packages/tentacles/Services/Services_bases/node_api_service/node_api.py

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -176,3 +176,6 @@ def get_node_postgres_url(self):
176176

177177
def get_backend_cors_origins(self):
178178
return os.getenv(services_constants.ENV_BACKEND_CORS_ALLOWED_ORIGINS, self.backend_cors_origins)
179+
180+
def get_backend_cors_origin_regex(self):
181+
return os.getenv(services_constants.ENV_BACKEND_CORS_ORIGIN_REGEX, "")

0 commit comments

Comments
 (0)