Yury

> EDIT: Maybe using the origin header for this purpose would be preferred over referer? Not sure if/when they can differ. That's exactly what one of the checks CORS does...

> It doesn't protect from rogue 3rd-party desktop apps, but are there other attack vectors you have in mind beyond this? I cannot think of any other possible attack vectors....

> So the question is whether removing the CORSMiddleware from the app's fast-api (as done in your fork) is sufficient for the server to also outright reject any requests which...

I've made a PR with security hardening that you can check: https://github.com/w-okada/voice-changer/pull/1153 It adds the Origin header check and the server should respond with status code 400 if the origin...

Hey, sorry for inconvenience. This issue is caused by this change: https://github.com/w-okada/voice-changer/pull/1153. Currently, you are required to specify the URL of your server in order to make requests to voice...

> Hi @deiteris I have tried with your fork adding the "--allowed-origin *" argument in google collab but i'm still getting an error when the url it's generated, i handle...

@sunday-HAMA, you need to also apply the following changes: https://github.com/w-okada/voice-changer/pull/1186/commits/00b1d4e32f8c5c13b522279002ac494e4271fb63

You need to use onnxdirectML version that works with AMD cards.