`CCAT_CORS_ALLOWED_ORIGINS` still does not work
To Reproduce
Set up a cat with .env:
CCAT_HTTPS_PROXY_MODE=1
CCAT_CORS_ALLOWED_ORIGINS=https://mydomain.com,https://example.com
The Cat still accepts requests from other origins.
P.S.: also tried omitting the protocol, no luck
@pieroit how did you set the following env variable? CCAT_CORS_FORWARDED_ALLOW_IPS
That env variable is part of the uvicorn configuration, I don't know but the def value is '*' so maybe you need to set that variable to the list of trusted domains too?
Check here https://www.uvicorn.org/settings/ it is the forwarded_allow_ips setting
ps. we might need to revisit the CORS env variables such as the CCAT_CORS_ALLOWED_ORIGINS
> @pieroit how did you set the following env variable? CCAT_CORS_FORWARDED_ALLOW_IPS
> That env variable is part of the uvicorn configuration, I don't know but the def value is '*' so maybe you need to set that variable to the list of trusted domains too?
> Check here https://www.uvicorn.org/settings/
> ps. we might need to revisit the CORS env variables such as the CCAT_CORS_ALLOWED_ORIGINS
I did not set it
@pieroit In my environment the CCAT_CORS_ALLOWED_ORIGINS parameter is enough to get a CORS error when I try to consume APIs from something different from http://test.sam.com:5000.
Working config CCAT_CORS_ALLOWED_ORIGINS:
CCAT_CORS_ALLOWED_ORIGINS=https://example.org,https://www.example.org,http://test.sam.com:5000
The issue is on API consumption, correct? There is no CORS check from browser when using web socket.
> @pieroit In my environment the CCAT_CORS_ALLOWED_ORIGINS parameter is enough to get a CORS error when I try to consume APIs from something different from http://test.sam.com:5000.
> Working config CCAT_CORS_ALLOWED_ORIGINS:
> CCAT_CORS_ALLOWED_ORIGINS=https://example.org,https://www.example.org,http://test.sam.com:5000
> The issue is on API consumption, correct? There is no CORS check from browser when using web socket.
I had the problem with websockets from the browser, I'll check again thanks
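The thread's point that browsers apply no CORS check to WebSocket connections means any origin restriction on that path has to be enforced by the server against the handshake's `Origin` header. The sketch below is an added example, not code from the Cheshire Cat project: the function names are hypothetical, the allow-list value is the one quoted in the thread, and rejecting handshakes with no `Origin` header is an assumed policy.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def normalize_origin(origin):
    """Return (scheme, host, port) for a serialized origin, or None if malformed."""
    if not origin or origin == "null":
        return None
    try:
        parts = urlsplit(origin.strip())
        port = parts.port  # raises ValueError on a non-numeric port
    except ValueError:
        return None
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    # A real Origin header has no path, query, fragment or userinfo.
    if parts.path not in ("", "/") or parts.query or parts.fragment or "@" in parts.netloc:
        return None
    return (scheme, parts.hostname.lower(), port or DEFAULT_PORTS[scheme])

def parse_allowed_origins(value):
    """Parse a comma-separated origin list; a lone '*' returns None (allow all)."""
    items = [v.strip() for v in value.split(",") if v.strip()]
    if items == ["*"]:
        return None
    allowed = set()
    for item in items:
        norm = normalize_origin(item)
        if norm is None:  # e.g. an entry written without its scheme
            raise ValueError(f"not a valid origin: {item!r}")
        allowed.add(norm)
    return allowed

def websocket_origin_allowed(headers, allowed):
    """Decide whether to accept a WebSocket handshake from its Origin header."""
    if allowed is None:
        return True
    origin = {k.lower(): v for k, v in headers.items()}.get("origin")
    norm = normalize_origin(origin)  # missing Origin is rejected (assumed policy)
    return norm is not None and norm in allowed

# Allow-list value taken from the thread; the handshake headers are constructed.
ALLOWED = parse_allowed_origins(
    "https://example.org,https://www.example.org,http://test.sam.com:5000")
if __name__ == "__main__":
    for hdrs in ({"Origin": "http://test.sam.com:5000"}, {"Origin": "https://other.example"}, {}):
        print(hdrs, "->", websocket_origin_allowed(hdrs, ALLOWED))
```

Comparing normalized (scheme, host, port) tuples rather than raw strings avoids both prefix/suffix matching mistakes and mismatches caused by case or an explicit default port.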