fix: add localhost to CORS_ORIGIN for web mode development

The web mode launcher was setting CORS_ORIGIN to only include the system
hostname and 127.0.0.1, but users access via http://localhost:3007 which
wasn't in the allowed list.

Now includes:
- http://localhost:3007 (primary dev URL)
- http://$HOSTNAME:3007 (system hostname if needed)
- http://127.0.0.1:3007 (loopback IP)

Also cleaned up debug logging from CORS check since root cause is now clear.

Fixes: Persistent "Not allowed by CORS" errors in web mode

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
DhanushSantosh
2026-01-18 01:50:41 +05:30
parent e10cb83adc
commit b0b49764b9
2 changed files with 2 additions and 8 deletions


@@ -164,12 +164,9 @@ app.use(
return; return;
} }
console.log(`[CORS] Checking origin: ${origin}`);
// If CORS_ORIGIN is set, use it (can be comma-separated list) // If CORS_ORIGIN is set, use it (can be comma-separated list)
const allowedOrigins = process.env.CORS_ORIGIN?.split(',').map((o) => o.trim()); const allowedOrigins = process.env.CORS_ORIGIN?.split(',').map((o) => o.trim());
if (allowedOrigins && allowedOrigins.length > 0 && allowedOrigins[0] !== '*') { if (allowedOrigins && allowedOrigins.length > 0 && allowedOrigins[0] !== '*') {
console.log(`[CORS] CORS_ORIGIN env var is set: ${allowedOrigins.join(', ')}`);
if (allowedOrigins.includes(origin)) { if (allowedOrigins.includes(origin)) {
callback(null, origin); callback(null, origin);
} else { } else {
@@ -182,7 +179,6 @@ app.use(
try { try {
const url = new URL(origin); const url = new URL(origin);
const hostname = url.hostname; const hostname = url.hostname;
console.log(`[CORS] Parsed hostname: ${hostname}`);
if ( if (
hostname === 'localhost' || hostname === 'localhost' ||
@@ -193,16 +189,14 @@ app.use(
hostname.startsWith('10.') || hostname.startsWith('10.') ||
hostname.startsWith('172.') hostname.startsWith('172.')
) { ) {
console.log(`[CORS] ✓ Allowing origin: ${origin}`);
callback(null, origin); callback(null, origin);
return; return;
} }
} catch (err) { } catch (err) {
console.error(`[CORS] Error parsing URL: ${origin}`, err); // Ignore URL parsing errors
} }
// Reject other origins by default for security // Reject other origins by default for security
console.log(`[CORS] ✗ Rejecting origin: ${origin}`);
callback(new Error('Not allowed by CORS')); callback(new Error('Not allowed by CORS'));
}, },
credentials: true, credentials: true,
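Review bot: The private-network fallback near the end of the origin callback matches on string prefixes, so `hostname.startsWith('172.')` accepts all of 172.0.0.0/8 rather than only 172.16.0.0/12, and both it and `hostname.startsWith('10.')` also match DNS names whose first label is `10` or `172`. Because an accepted origin is echoed back with `credentials: true`, this branch should accept only literal RFC 1918 addresses when `CORS_ORIGIN` is unset. I would parse the hostname into octets and range-check them, as sketched below; the callback starts and the `if (` condition continues outside the hunks shown, so the other hostname checks are left as they are. Separately, with the rejection log removed ahead of `callback(new Error('Not allowed by CORS'))`, a denied origin no longer leaves a server-side trace; one warn-level line there would keep that signal.

```javascript
// … unchanged: new URL(origin) and const hostname = url.hostname …
const octets = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/
  .exec(hostname)
  ?.slice(1)
  .map(Number);
const isPrivateV4 =
  octets !== undefined &&
  octets.every((n) => n <= 255) &&
  (octets[0] === 10 || (octets[0] === 172 && octets[1] >= 16 && octets[1] <= 31));
if (
  // … unchanged: 'localhost' and the other hostname checks outside the hunks …
  isPrivateV4
) {
```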


@@ -1075,7 +1075,7 @@ case $MODE in
export TEST_PORT="$WEB_PORT" export TEST_PORT="$WEB_PORT"
export VITE_SERVER_URL="http://$HOSTNAME:$SERVER_PORT" export VITE_SERVER_URL="http://$HOSTNAME:$SERVER_PORT"
export PORT="$SERVER_PORT" export PORT="$SERVER_PORT"
export CORS_ORIGIN="http://$HOSTNAME:$WEB_PORT,http://127.0.0.1:$WEB_PORT" export CORS_ORIGIN="http://localhost:$WEB_PORT,http://$HOSTNAME:$WEB_PORT,http://127.0.0.1:$WEB_PORT"
export VITE_APP_MODE="1" export VITE_APP_MODE="1"
if [ "$PRODUCTION_MODE" = true ]; then if [ "$PRODUCTION_MODE" = true ]; then