@jcabrero (Member)

This PR allows all CORS origins so that the browser client side can connect to nilAI.

@jcabrero jcabrero requested a review from Copilot May 28, 2025 16:07
Copilot AI (Contributor) left a comment

Pull Request Overview

This PR updates the CORS policy to allow browser clients from any origin to connect by switching to a wildcard origin and disabling credentials.

  • Replace the specific origins whitelist with allow_origins=["*"]
  • Change allow_credentials from True to False
  • Keep all methods and headers open

Comments suppressed due to low confidence (2)

nilai-api/src/nilai_api/app.py:93

  • Allowing all origins can pose a security risk. Consider restricting to trusted domains or making the origins configurable via environment variables.
allow_origins=["*"],

nilai-api/src/nilai_api/app.py:94

  • Disabling credentials will prevent sending authentication cookies or session tokens; ensure this aligns with expected client authentication flows or document the change.
allow_credentials=False,
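
Added example, not part of this PR or of nilAI's code: one way to make the origins configurable through environment variables, as the suppressed comment suggests, while rejecting a wildcard origin combined with credentials at startup. The variable names `CORS_ALLOW_ORIGINS` and `CORS_ALLOW_CREDENTIALS` and the helper functions are assumptions made for this sketch.

```python
from urllib.parse import urlsplit


def _valid_origin(origin: str) -> bool:
    """An origin is scheme://host[:port] with no path, query or fragment."""
    parts = urlsplit(origin)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    return not (parts.path or parts.query or parts.fragment or parts.username)


def cors_settings(env: dict) -> dict:
    """Build CORSMiddleware keyword arguments from environment-style settings.

    CORS_ALLOW_ORIGINS and CORS_ALLOW_CREDENTIALS are hypothetical variable
    names chosen for this example; they are not defined by nilAI.
    """
    raw = env.get("CORS_ALLOW_ORIGINS", "")
    origins = [o.strip().rstrip("/") for o in raw.split(",") if o.strip()]
    credentials = env.get("CORS_ALLOW_CREDENTIALS", "false").lower() == "true"

    if "*" in origins:
        if len(origins) > 1:
            raise ValueError("'*' cannot be combined with explicit origins")
        if credentials:
            # Browsers refuse credentialed responses carrying a wildcard
            # Access-Control-Allow-Origin, so fail at startup instead.
            raise ValueError("wildcard origin requires credentials disabled")
    else:
        bad = [o for o in origins if not _valid_origin(o)]
        if bad:
            raise ValueError(f"invalid origin(s): {bad}")
    # Intended use: app.add_middleware(CORSMiddleware, **cors_settings(os.environ))
    return {
        "allow_origins": origins,
        "allow_credentials": credentials,
        "allow_methods": ["*"],
        "allow_headers": ["*"],
    }


# Constructed sample inputs: the merged wildcard policy and a restricted one.
WILDCARD = cors_settings({"CORS_ALLOW_ORIGINS": "*"})
RESTRICTED = cors_settings({
    "CORS_ALLOW_ORIGINS": "https://app.example.com, http://localhost:3000/",
    "CORS_ALLOW_CREDENTIALS": "true",
})
```

An unset `CORS_ALLOW_ORIGINS` yields an empty origin list, so no cross-origin browser access is granted by default.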

@jcabrero jcabrero requested a review from blefo May 30, 2025 09:44
@jcabrero jcabrero merged commit 6098919 into main Jun 9, 2025
4 checks passed
@jcabrero jcabrero deleted the feat/allow_in_browser_requests branch July 1, 2025 07:42