Skip to content

Enable CORS for Code Interpreter Server#242

Merged
mishushakov merged 2 commits intomainfrom
allow-cors
Mar 30, 2026
Merged

Enable CORS for Code Interpreter Server#242
mishushakov merged 2 commits intomainfrom
allow-cors

Conversation

@mishushakov
Copy link
Copy Markdown
Member

@mishushakov mishushakov commented Mar 30, 2026

  • some people complained being unable to access Code Intrepreter methods from Browser

@cursor
Copy link
Copy Markdown

cursor bot commented Mar 30, 2026
edited
Loading

PR Summary

Medium Risk
Adds permissive CORS (* origins/methods/headers) to the FastAPI server, which can broaden browser access to the API if it’s exposed beyond intended networks.

Overview
Enables browser access to the code interpreter HTTP API by adding FastAPI CORSMiddleware with allow_origins=["*"], allow_methods=["*"], and allow_headers=["*"].

Includes a changeset bumping @e2b/code-interpreter-template as a patch release to ship the CORS behavior change.

Written by Cursor Bugbot for commit 7517484. This will update automatically on new commits. Configure here.

cursor[bot]
cursor bot reviewed Mar 30, 2026
View reviewed changes
Copy link
Copy Markdown

@cursor cursor bot left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Fix All in Cursor

Bugbot Autofix prepared a fix for the issue found in the latest run.

  • ✅ Fixed: Wildcard CORS origins combined with credentials is insecure
    • Set CORSMiddleware to disallow credentials while keeping wildcard origins, removing the insecure credentialed cross-origin behavior.

Create PR

Or push these changes by commenting:

@cursor push a8e3782b91
Preview (a8e3782b91) 
diff --git a/template/server/main.py b/template/server/main.py
--- a/template/server/main.py
+++ b/template/server/main.py
@@ -64,7 +64,7 @@
 app.add_middleware(
     CORSMiddleware,
     allow_origins=["*"],
-    allow_credentials=True,
+    allow_credentials=False,
     allow_methods=["*"],
     allow_headers=["*"],
 )

This Bugbot Autofix run was free. To enable autofix for future PRs, go to the Cursor dashboard.

chatgpt-codex-connector[bot]
chatgpt-codex-connector bot reviewed Mar 30, 2026
View reviewed changes
Copy link
Copy Markdown

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 091aa47b3d

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

claude[bot]
claude bot reviewed Mar 30, 2026
View reviewed changes
@mishushakov mishushakov merged commit 88bd5ec into main Mar 30, 2026
14 checks passed
@mishushakov mishushakov deleted the allow-cors branch March 30, 2026 15:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chatgpt-codex-connector chatgpt-codex-connector[bot] chatgpt-codex-connector[bot] left review comments

@cursor cursor[bot] cursor[bot] left review comments

@claude claude[bot] claude[bot] left review comments

@matthewlouisbrockman matthewlouisbrockman matthewlouisbrockman approved these changes

@jakubno jakubno Awaiting requested review from jakubno jakubno is a code owner

@ValentaTomas ValentaTomas Awaiting requested review from ValentaTomas ValentaTomas is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mishushakov @matthewlouisbrockman