From ccba82faf26dd4fdb1fcc7148649f94e1bf04564 Mon Sep 17 00:00:00 2001 From: Herklos Date: Tue, 30 Jun 2026 09:03:36 +0200 Subject: [PATCH] [Node] allow *.octobot.cloud origins in CORS + BACKEND_CORS_ORIGIN_REGEX env var Co-Authored-By: Claude Sonnet 4.6 --- packages/services/octobot_services/constants.py | 1 + .../Services/Interfaces/node_api_interface/node_api.py | 6 +++++- .../Services/Services_bases/node_api_service/node_api.py | 3 +++ 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/packages/services/octobot_services/constants.py b/packages/services/octobot_services/constants.py index a4947bb414..e8c0ec9bee 100644 --- a/packages/services/octobot_services/constants.py +++ b/packages/services/octobot_services/constants.py @@ -61,6 +61,7 @@ ENV_WEB_ADDRESS = "WEB_ADDRESS" ENV_CORS_ALLOWED_ORIGINS = "CORS_ALLOWED_ORIGINS" ENV_BACKEND_CORS_ALLOWED_ORIGINS = "BACKEND_CORS_ALLOWED_ORIGINS" +ENV_BACKEND_CORS_ORIGIN_REGEX = "BACKEND_CORS_ORIGIN_REGEX" ENV_AUTO_OPEN_IN_WEB_BROWSER = "AUTO_OPEN_IN_WEB_BROWSER" DEFAULT_SERVER_IP = '0.0.0.0' DEFAULT_SERVER_PORT = 5001 diff --git a/packages/tentacles/Services/Interfaces/node_api_interface/node_api.py b/packages/tentacles/Services/Interfaces/node_api_interface/node_api.py index b58841376e..a9eb447de0 100644 --- a/packages/tentacles/Services/Interfaces/node_api_interface/node_api.py +++ b/packages/tentacles/Services/Interfaces/node_api_interface/node_api.py @@ -44,6 +44,8 @@ build_api_router = _api_main.build_api_router LOCALHOST_ORIGIN_REGEX = r"^https?://(localhost|127\.0\.0\.1)(:\d+)?$" +OCTOBOT_CLOUD_ORIGIN_REGEX = r"^https://([a-z0-9-]+\.)*octobot\.cloud$" +ALLOWED_ORIGIN_REGEX = f"({LOCALHOST_ORIGIN_REGEX}|{OCTOBOT_CLOUD_ORIGIN_REGEX})" def custom_generate_unique_id(route: APIRoute) -> str: @@ -96,10 +98,12 @@ async def _async_run(self) -> bool: # Set CORS from service config cors_origins_str = self.node_api_service.get_backend_cors_origins() cors_origins = [i.strip() for i in cors_origins_str.split(",") if i.strip()] if cors_origins_str else [] + extra_regex = self.node_api_service.get_backend_cors_origin_regex() + origin_regex = f"({ALLOWED_ORIGIN_REGEX}|{extra_regex})" if extra_regex else ALLOWED_ORIGIN_REGEX self.app.add_middleware( CORSMiddleware, allow_origins=cors_origins, - allow_origin_regex=LOCALHOST_ORIGIN_REGEX, + allow_origin_regex=origin_regex, allow_credentials=True, allow_methods=["*"], allow_headers=["*"], diff --git a/packages/tentacles/Services/Services_bases/node_api_service/node_api.py b/packages/tentacles/Services/Services_bases/node_api_service/node_api.py index 84f309c2fd..b50c88bae7 100644 --- a/packages/tentacles/Services/Services_bases/node_api_service/node_api.py +++ b/packages/tentacles/Services/Services_bases/node_api_service/node_api.py @@ -176,3 +176,6 @@ def get_node_postgres_url(self): def get_backend_cors_origins(self): return os.getenv(services_constants.ENV_BACKEND_CORS_ALLOWED_ORIGINS, self.backend_cors_origins) + + def get_backend_cors_origin_regex(self): + return os.getenv(services_constants.ENV_BACKEND_CORS_ORIGIN_REGEX, "")