From 9b0ae64f886b5e098de6887cd7cfa680ba08120a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Georg=20Elgeb=C3=A4ck?= <50551748+georgelgeback@users.noreply.github.com>
Date: Mon, 30 Mar 2026 19:43:51 +0200
Subject: [PATCH 1/2] Revert "Horrible fix for cross site badness (#501)"

This reverts commit 203044f29b4207fc52b15a8840e39d988a4c6a14.
---
 main.py | 20 ++++++--------------
 1 file changed, 6 insertions(+), 14 deletions(-)

diff --git a/main.py b/main.py
index 6f7ce5b9..b5dcd00e 100644
--- a/main.py
+++ b/main.py
@@ -48,26 +48,18 @@ async def lifespan(app: FastAPI):
 no_docs = os.getenv("ENVIRONMENT") == "production"

 dev_origins = [
- "http://localhost:3000", # If we don't specify port, it defaults to 80
+ "http://localhost",
+ "http://localhost:3000",
+ "http://127.0.0.1",
 "http://127.0.0.1:3000",
- "http://localhost:3001", # Sometimes VSCode thinks 3000 is used, so the frontend uses a higher port
- "http://127.0.0.1:3001", # Wildcard ports don't work with cookies so we need this cursed mess :(
- "http://localhost:3002",
- "http://127.0.0.1:3002",
- "http://localhost:3003",
- "http://127.0.0.1:3003",
 ]

 stage_origins = [
 "https://stage.frontend.fsektionen.se",
- "http://localhost:3000", # If we don't specify port, it defaults to 80
+ "http://localhost",
+ "http://localhost:3000",
+ "http://127.0.0.1",
 "http://127.0.0.1:3000",
- "http://localhost:3001", # Sometimes VSCode thinks 3000 is used, so the frontend uses a higher port
- "http://127.0.0.1:3001",
- "http://localhost:3002",
- "http://127.0.0.1:3002",
- "http://localhost:3003",
- "http://127.0.0.1:3003",
 ]

 production_origins = ["https://fsektionen.se"]

From f69be0fbe212892fb670ec71f7b80b4f5c5e66e4 Mon Sep 17 00:00:00 2001
From: georgelgeback
Date: Mon, 30 Mar 2026 17:54:39 +0000
Subject: [PATCH 2/2] use regex

---
 main.py | 11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)

diff --git a/main.py b/main.py
index b5dcd00e..3ab9393d 100644
--- a/main.py
+++ b/main.py
@@ -48,18 +48,11 @@ async def lifespan(app: FastAPI):
 no_docs = os.getenv("ENVIRONMENT") == "production"

 dev_origins = [
- "http://localhost",
- "http://localhost:3000",
- "http://127.0.0.1",
- "http://127.0.0.1:3000",
+ "http://localhost", # Idk if this is even needed
 ]

 stage_origins = [
 "https://stage.frontend.fsektionen.se",
- "http://localhost",
- "http://localhost:3000",
- "http://127.0.0.1",
- "http://127.0.0.1:3000",
 ]

 production_origins = ["https://fsektionen.se"]
@@ -78,6 +71,7 @@ async def lifespan(app: FastAPI):
 allow_credentials=True,
 allow_methods=["*"],
 allow_headers=["*"],
+ allow_origin_regex="\bhttp://(localhost|127\.0\.0\.1):(\d+)\b", # Allow all localhost origins with any port
 )

 if os.getenv("ENVIRONMENT") == "stage":
@@ -87,6 +81,7 @@ async def lifespan(app: FastAPI):
 allow_credentials=True,
 allow_methods=["*"],
 allow_headers=["*"],
+ allow_origin_regex="\bhttp://(localhost|127\.0\.0\.1):(\d+)\b", # Allow all localhost origins with any port
 )

 if os.getenv("ENVIRONMENT") == "production":
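Review bot: The `# Idk if this is even needed` comment on the `"http://localhost"` entry in `dev_origins` leaves an open question in a CORS allow-list, and the rest of the commit answers it: the regex added in the later hunks requires an explicit `:port`, so this entry is the only thing that admits a frontend served on port 80. I would replace the comment with `# Port-less origin (port 80); the origin regex only matches origins that carry an explicit port`. The port-less `http://127.0.0.1` entry is dropped in this hunk and port-less loopback origins are no longer listed for stage at all; if that is intended, the commit message is the place to say so.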
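Review bot: The pattern passed as `allow_origin_regex` in the development block is an ordinary string literal, so Python converts each `\b` into a backspace character (0x08) before the regex is compiled; no Origin header contains that byte, so the pattern can match nothing and the any-port behaviour the comment promises never takes effect. `\.` and `\d` survive only as invalid escape sequences, which newer Python versions warn about. A raw string fixes both, and the boundaries can be dropped because Starlette's CORSMiddleware matches the whole origin (fullmatch in current releases; worth confirming for the pinned version): `allow_origin_regex=r"http://(localhost|127\.0\.0\.1):\d+",`. The identical line is added to the stage block in the next hunk, and the `add_middleware` call starts outside both hunks.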
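Review bot: In the stage block this regex sits next to `allow_credentials=True`, so once the pattern is made to work the deployed staging API will accept credentialed cross-origin requests from a page on any loopback port of the caller's machine, not only the frontend dev server. The list removed by patch 1 stopped at ports 3000–3003; with any port allowed, every other local HTTP service open in a developer's browser could read staging responses with that developer's cookies. If a local frontend really has to talk to stage, I would bound the port, for example `allow_origin_regex=r"http://(localhost|127\.0\.0\.1):300\d",`, and keep the any-port form for development only. The call starts outside the hunk, so I am assuming `allow_origins` here is `stage_origins`.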