chihlasm/resolutionflow
1
0
Fork 0
Code Issues 23 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

fix: only register debug endpoint when DEBUG=True

Browse Source 
The /debug/cors endpoint is now conditionally registered, preventing
information leakage about CORS configuration in production.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
chihlasm
2026-02-06 00:24:02 -05:00
parent 5ae22e041f
commit 94ec19cf07
1 changed files with 10 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
backend/app/main.py
View File

@@ -89,8 +89,9 @@ async def health_check():
return {"status": "healthy"} return {"status": "healthy"}
@app.get("/debug/cors") if settings.DEBUG:
async def debug_cors(): @app.get("/debug/cors")
async def debug_cors():
"""Debug endpoint to check CORS configuration.""" """Debug endpoint to check CORS configuration."""
return { return {
"allow_railway_origins": settings.ALLOW_RAILWAY_ORIGINS, "allow_railway_origins": settings.ALLOW_RAILWAY_ORIGINS,