From d1b6fdb6c3510dd916e7d38a105d9bb91ab34928 Mon Sep 17 00:00:00 2001
From: Brian Ward
Date: Wed, 31 Jul 2024 20:58:11 +0000
Subject: [PATCH] Restrict CORS to known domains
---
 backend/stan-wasm-server/src/app/main.py | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/backend/stan-wasm-server/src/app/main.py b/backend/stan-wasm-server/src/app/main.py
index e716bd89..4cbff4ec 100644
--- a/backend/stan-wasm-server/src/app/main.py
+++ b/backend/stan-wasm-server/src/app/main.py
@@ -51,14 +51,19 @@ def setup_logger() -> None:
 app.add_middleware(
 CORSMiddleware,
- allow_origins=["*"],
+ allow_origins=[
+ "https://stan-playground.flatironinstitute.org",
+ "https://stan-playground.vercel.app",
+ "http://127.0.0.1:3000", # yarn dev
+ "http://127.0.0.1:4173", # yarn preview
+ ],
 allow_credentials=True,
 allow_methods=["*"],
 allow_headers=["*"],
 )
-##### Custom exception handlers
+# Custom exception handlers
 Exn = TypeVar("Exn", bound=Exception)
@@ -84,7 +89,7 @@ async def _(_request: Request, exc: Exception) -> JSONResponse:
 register_exn_handler(*e)
-##### Routing
+# Routing
 DictResponse = dict[str, Any]
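Review bot: The two loopback entries (`http://127.0.0.1:3000` and `http://127.0.0.1:4173`) in the first hunk are now part of the allowlist the deployed server uses, and the call still passes `allow_credentials=True`, so whatever is serving pages on those ports on a visitor's machine counts as a trusted origin for credentialed requests. They would be better kept out of the production configuration and appended only under a development switch, for example `allow_origins=PROD_ORIGINS + (DEV_ORIGINS if dev_mode else []),` (names are illustrative; no such setting is visible in this hunk). If this server never relies on cookies or HTTP authentication, which cannot be told from the lines shown, `allow_credentials=False` would be the narrower setting. The `https://stan-playground.vercel.app` entry stays trustworthy only while the project holds that subdomain, so a short comment next to it saying who owns the deployment would help whoever maintains this list later.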