plane icon indicating copy to clipboard operation
plane copied to clipboard
Published 17 hours ago verified publisher icon makeplane

[bug]: Environment variable CORS_ALLOWED_ORIGINS is not used

Open XenGi opened this issue 1 week ago • 2 comments

Is there an existing issue for this?

  • [x] I have searched the existing issues

Current behavior

No matter what is set in the CORS_ALLOWED_ORIGINS variable, it seems that the application host is always used as the value. I tried setting "*" and got an appropriate error. I tried "" but the response header still hat the application host in it. I also tried a list with the two domains I need but still got only the application fqdn back.

I found the issue while figuring out another CORS issue which was related to missing CORS config on my S3 backend.

Steps to reproduce

  1. Set CORS_ALLOWED_ORIGINS to empty string or mutliple domains
  2. Try to upload an avatar
  3. Watch browser request to https://<my-plane-instance>/api/assets/v2/user-assets/ with access-control-allow-origin: https://<my-plane-instance>/ with the other URI missing

Environment

Production

Browser

Google Chrome

Variant

Self-hosted

Version

v1.2.1

XenGi avatar Dec 18 '25 16:12 XenGi

Synced with Plane Workspace 🔄

[GIT-26] [bug]: Environment variable CORS_ALLOWED_ORIGINS is not used

makeplane[bot] avatar Dec 18 '25 16:12 makeplane[bot]

I updated to v1.2.1 but the issue is still there.

XenGi avatar Dec 19 '25 07:12 XenGi