Michael Chihlas d1201cc584 Fix CORS to include allowed_origins when using Railway regex ...

The CORS middleware was only using the regex pattern for *.up.railway.app
when ALLOW_RAILWAY_ORIGINS was enabled, ignoring the explicit allowed_origins
list that includes custom domains like app.patherly.com.

Now includes both allow_origins and allow_origin_regex so custom domains
work alongside Railway PR environments.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2026-02-03 10:31:59 -05:00

2.8 KiB

Raw Blame History

View Raw