chihlasm/resolutionflow
1
0
Fork 0
Code Issues 23 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Fix CORS to include allowed_origins when using Railway regex

Browse Source 
The CORS middleware was only using the regex pattern for *.up.railway.app
when ALLOW_RAILWAY_ORIGINS was enabled, ignoring the explicit allowed_origins
list that includes custom domains like app.patherly.com.

Now includes both allow_origins and allow_origin_regex so custom domains
work alongside Railway PR environments.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Michael Chihlas
2026-02-03 10:31:59 -05:00
parent b608b0a708
commit d1201cc584
1 changed files with 6 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
backend/app/main.py
View File

@@ -42,20 +42,13 @@ app = FastAPI(
app.add_middleware(ErrorLoggingMiddleware)
app.add_middleware(RequestLoggingMiddleware)
# Configure CORS with dynamic origin checking for Railway PR environments
def get_allowed_origins():
"""Return origins list or callable for dynamic checking."""
if settings.ALLOW_RAILWAY_ORIGINS:
# Use callable to dynamically check Railway origins
def check_origin(origin: str) -> bool:
return settings.is_origin_allowed(origin)
return check_origin
return settings.allowed_origins
# Configure CORS
# Note: When ALLOW_RAILWAY_ORIGINS is True, we use allow_origin_regex for Railway domains
# PLUS the explicit allowed_origins list (for custom domains like app.patherly.com)
if settings.ALLOW_RAILWAY_ORIGINS:
app.add_middleware(
CORSMiddleware,
allow_origins=settings.allowed_origins,
allow_origin_regex=r"https://.*\.up\.railway\.app",
allow_credentials=True,
allow_methods=["*"],
@@ -95,6 +88,7 @@ async def debug_cors():
"""Debug endpoint to check CORS configuration."""
return {
"allow_railway_origins": settings.ALLOW_RAILWAY_ORIGINS,
"cors_mode": "regex" if settings.ALLOW_RAILWAY_ORIGINS else "list",
"allowed_origins": settings.allowed_origins if not settings.ALLOW_RAILWAY_ORIGINS else "*.up.railway.app (regex)"
"cors_mode": "regex + list" if settings.ALLOW_RAILWAY_ORIGINS else "list",
"allowed_origins": settings.allowed_origins,
"railway_regex": r"https://.*\.up\.railway\.app" if settings.ALLOW_RAILWAY_ORIGINS else None
}