feat: Restrict CORS origin to public_base_url if set
Co-authored-by: aider (gemini/gemini-2.5-pro) <aider@aider.chat>
This commit is contained in:
12
app/app.py
12
app/app.py
@@ -41,16 +41,20 @@ from app.config import Settings, load_settings
|
||||
|
||||
# ---- App & static ----
|
||||
app = FastAPI(title="Immich Drop Uploader (Python)")
|
||||
# Global settings (read-only at runtime)
|
||||
SETTINGS: Settings = load_settings()
|
||||
|
||||
# CORS
|
||||
origins = ["*"]
|
||||
if SETTINGS.public_base_url:
|
||||
origins = [SETTINGS.public_base_url.strip().rstrip('/')]
|
||||
app.add_middleware(
|
||||
CORSMiddleware,
|
||||
allow_origins=["*"],
|
||||
allow_origins=origins,
|
||||
allow_credentials=True,
|
||||
allow_methods=["*"],
|
||||
allow_headers=["*"],
|
||||
)
|
||||
|
||||
# Global settings (read-only at runtime)
|
||||
SETTINGS: Settings = load_settings()
|
||||
_public_uploads_enabled_runtime = SETTINGS.public_upload_page_enabled
|
||||
|
||||
|
||||
|
||||
Reference in New Issue
Block a user