fix: improve CORS configuration to handle localhost and private IPs

The CORS check was too strict for local development. Changed to:
- Parse origin URL properly to extract hostname
- Allow all localhost origins (any port)
- Allow all 127.0.0.1 origins (loopback IP)
- Allow all private network IPs (192.168.x.x, 10.x.x.x, 172.x.x.x)
- Keep security by rejecting unknown origins

This fixes CORS errors when accessing from http://localhost:3007
or other local addresses during web mode development.

Fixes: "Not allowed by CORS" errors in web mode

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
This commit is contained in:
DhanushSantosh
2026-01-18 01:45:10 +05:30
parent 4186b80a82
commit b8875f71a5

@@ -175,11 +175,17 @@ app.use(
return; return;
} }
// For local development, allow localhost origins // For local development, allow all localhost/loopback origins (any port)
const url = new URL(origin);
const hostname = url.hostname;
if ( if (
origin.startsWith('http://localhost:') || hostname === 'localhost' ||
origin.startsWith('http://127.0.0.1:') || hostname === '127.0.0.1' ||
origin.startsWith('http://[::1]:') hostname === '::1' ||
hostname === '0.0.0.0' ||
hostname.startsWith('192.168.') ||
hostname.startsWith('10.') ||
hostname.startsWith('172.')
) { ) {
callback(null, origin); callback(null, origin);
return; return;