Fix CORS to include allowed_origins when using Railway regex
The CORS middleware was only using the regex pattern for *.up.railway.app when ALLOW_RAILWAY_ORIGINS was enabled, ignoring the explicit allowed_origins list that includes custom domains like app.patherly.com. Now includes both allow_origins and allow_origin_regex so custom domains work alongside Railway PR environments. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Michael Chihlas
@@ -42,20 +42,13 @@ app = FastAPI(
|
|||||||
app.add_middleware(ErrorLoggingMiddleware)
|
app.add_middleware(ErrorLoggingMiddleware)
|
||||||
app.add_middleware(RequestLoggingMiddleware)
|
app.add_middleware(RequestLoggingMiddleware)
|
||||||
|
|
||||||
# Configure CORS with dynamic origin checking for Railway PR environments
|
# Configure CORS
|
||||||
def get_allowed_origins():
|
|
||||||
"""Return origins list or callable for dynamic checking."""
|
|
||||||
if settings.ALLOW_RAILWAY_ORIGINS:
|
|
||||||
# Use callable to dynamically check Railway origins
|
|
||||||
def check_origin(origin: str) -> bool:
|
|
||||||
return settings.is_origin_allowed(origin)
|
|
||||||
return check_origin
|
|
||||||
return settings.allowed_origins
|
|
||||||
|
|
||||||
# Note: When ALLOW_RAILWAY_ORIGINS is True, we use allow_origin_regex for Railway domains
|
# Note: When ALLOW_RAILWAY_ORIGINS is True, we use allow_origin_regex for Railway domains
|
||||||
|
# PLUS the explicit allowed_origins list (for custom domains like app.patherly.com)
|
||||||
if settings.ALLOW_RAILWAY_ORIGINS:
|
if settings.ALLOW_RAILWAY_ORIGINS:
|
||||||
app.add_middleware(
|
app.add_middleware(
|
||||||
CORSMiddleware,
|
CORSMiddleware,
|
||||||
|
allow_origins=settings.allowed_origins,
|
||||||
allow_origin_regex=r"https://.*\.up\.railway\.app",
|
allow_origin_regex=r"https://.*\.up\.railway\.app",
|
||||||
allow_credentials=True,
|
allow_credentials=True,
|
||||||
allow_methods=["*"],
|
allow_methods=["*"],
|
||||||
@@ -95,6 +88,7 @@ async def debug_cors():
|
|||||||
"""Debug endpoint to check CORS configuration."""
|
"""Debug endpoint to check CORS configuration."""
|
||||||
return {
|
return {
|
||||||
"allow_railway_origins": settings.ALLOW_RAILWAY_ORIGINS,
|
"allow_railway_origins": settings.ALLOW_RAILWAY_ORIGINS,
|
||||||
"cors_mode": "regex" if settings.ALLOW_RAILWAY_ORIGINS else "list",
|
"cors_mode": "regex + list" if settings.ALLOW_RAILWAY_ORIGINS else "list",
|
||||||
"allowed_origins": settings.allowed_origins if not settings.ALLOW_RAILWAY_ORIGINS else "*.up.railway.app (regex)"
|
"allowed_origins": settings.allowed_origins,
|
||||||
|
"railway_regex": r"https://.*\.up\.railway\.app" if settings.ALLOW_RAILWAY_ORIGINS else None
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user