chihlasm/resolutionflow
1
0
Fork 0
Code Issues 23 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

fix: only register debug endpoint when DEBUG=True

Browse Source 
The /debug/cors endpoint is now conditionally registered, preventing
information leakage about CORS configuration in production.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
chihlasm
2026-02-06 00:24:02 -05:00
parent 5ae22e041f
commit 94ec19cf07
1 changed files with 10 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
backend/app/main.py
View File

@@ -89,12 +89,13 @@ async def health_check():
return {"status": "healthy"} return {"status": "healthy"}
@app.get("/debug/cors") if settings.DEBUG:
async def debug_cors(): @app.get("/debug/cors")
"""Debug endpoint to check CORS configuration.""" async def debug_cors():
return { """Debug endpoint to check CORS configuration."""
"allow_railway_origins": settings.ALLOW_RAILWAY_ORIGINS, return {
"cors_mode": "regex + list" if settings.ALLOW_RAILWAY_ORIGINS else "list", "allow_railway_origins": settings.ALLOW_RAILWAY_ORIGINS,
"allowed_origins": settings.allowed_origins, "cors_mode": "regex + list" if settings.ALLOW_RAILWAY_ORIGINS else "list",
"railway_regex": r"https://.*\.up\.railway\.app" if settings.ALLOW_RAILWAY_ORIGINS else None "allowed_origins": settings.allowed_origins,
} "railway_regex": r"https://.*\.up\.railway\.app" if settings.ALLOW_RAILWAY_ORIGINS else None
}