From 6450e68ebfebcf36a0dfd713d3837a9b3de96aef Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Arturo=20Filast=C3=B2?=
Date: Mon, 16 Sep 2024 15:12:22 -0400
Subject: [PATCH] Tighten up cors settings
---
 ooniapi/services/ooniauth/src/ooniauth/main.py | 4 +---
 ooniapi/services/oonifindings/src/oonifindings/main.py | 3 +--
 .../services/oonimeasurements/src/oonimeasurements/main.py | 4 +---
 ooniapi/services/ooniprobe/src/ooniprobe/main.py | 3 +--
 ooniapi/services/oonirun/src/oonirun/main.py | 4 +---
 5 files changed, 5 insertions(+), 13 deletions(-)
diff --git a/ooniapi/services/ooniauth/src/ooniauth/main.py b/ooniapi/services/ooniauth/src/ooniauth/main.py
index 00c5b739..cd120f1e 100644
--- a/ooniapi/services/ooniauth/src/ooniauth/main.py
+++ b/ooniapi/services/ooniauth/src/ooniauth/main.py
@@ -38,11 +38,9 @@ async def lifespan(app: FastAPI):
 app, metric_namespace="ooniapi", metric_subsystem="ooniauth"
 )
-# TODO: temporarily enable all
-origins = ["*"]
 app.add_middleware(
 CORSMiddleware,
- allow_origins=origins,
+ allow_origin_regex="^https://[-A-Za-z0-9]+(\.test)?\.ooni\.(org|io)$",
 allow_credentials=True,
 allow_methods=["*"],
 allow_headers=["*"],
diff --git a/ooniapi/services/oonifindings/src/oonifindings/main.py b/ooniapi/services/oonifindings/src/oonifindings/main.py
index 731844e7..90d7b3ec 100644
--- a/ooniapi/services/oonifindings/src/oonifindings/main.py
+++ b/ooniapi/services/oonifindings/src/oonifindings/main.py
@@ -37,10 +37,9 @@ async def lifespan(app: FastAPI):
 app, metric_namespace="ooniapi", metric_subsystem="oonifindings"
 )
-# TODO: temporarily enable all
-origins = ["*"]
 app.add_middleware(
 CORSMiddleware,
+ allow_origin_regex="^https://[-A-Za-z0-9]+(\.test)?\.ooni\.(org|io)$",
 allow_origins=origins,
 allow_credentials=True,
 allow_methods=["*"],
diff --git a/ooniapi/services/oonimeasurements/src/oonimeasurements/main.py b/ooniapi/services/oonimeasurements/src/oonimeasurements/main.py
index b6201f7d..240c6a36 100644
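Review bot: In ooniauth/main.py the new `allow_origin_regex` is paired with `allow_credentials=True`, so every one-label https host under ooni.org and ooni.io, and under `test.ooni.org`/`test.ooni.io`, becomes a credentialed origin; a forgotten DNS record or a weaker test deployment on any such name could then make authenticated requests to this API. If that breadth is intended, say so next to the setting, e.g. `# Any https subdomain of ooni.org/ooni.io (incl. *.test) is trusted with credentials; keep DNS for these zones tidy.`, otherwise list the known front-end origins in `allow_origins`. The pattern is also a plain string, so `\.` is an invalid escape sequence that recent Python versions warn about; write it as `r"^https://[-A-Za-z0-9]+(\.test)?\.ooni\.(org|io)$"`. Both points apply to the same added line in the other four files, and the `app.add_middleware(` call closes outside the hunk.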
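Review bot: In oonifindings/main.py `allow_origins=origins,` survives as a context line although the same hunk deletes `origins = ["*"]`, so unless `origins` is defined somewhere outside the hunk the module will raise NameError at import; the ooniprobe/main.py hunk has the same shape. Drop that line so the call passes only `allow_origin_regex=...`, as the ooniauth and oonirun hunks do. If the name does still resolve to `["*"]` elsewhere, the wildcard would presumably keep matching every origin and the regex would add no restriction. The `app.add_middleware(` call closes outside the hunk.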
--- a/ooniapi/services/oonimeasurements/src/oonimeasurements/main.py
+++ b/ooniapi/services/oonimeasurements/src/oonimeasurements/main.py
@@ -39,11 +39,9 @@ async def lifespan(app: FastAPI):
 app, metric_namespace="ooniapi", metric_subsystem="oonimeasurements"
 )
-# TODO: temporarily enable all
-origins = ["*"]
 app.add_middleware(
- CORSMiddleware,
 allow_origins=origins,
+ allow_origin_regex="^https://[-A-Za-z0-9]+(\.test)?\.ooni\.(org|io)$",
 allow_credentials=True,
 allow_methods=["*"],
 allow_headers=["*"],
diff --git a/ooniapi/services/ooniprobe/src/ooniprobe/main.py b/ooniapi/services/ooniprobe/src/ooniprobe/main.py
index b58aa8f4..55c7fee1 100644
--- a/ooniapi/services/ooniprobe/src/ooniprobe/main.py
+++ b/ooniapi/services/ooniprobe/src/ooniprobe/main.py
@@ -37,10 +37,9 @@ async def lifespan(app: FastAPI):
 app, metric_namespace="ooniapi", metric_subsystem="ooniprobe"
 )
-# TODO: temporarily enable all
-origins = ["*"]
 app.add_middleware(
 CORSMiddleware,
+ allow_origin_regex="^https://[-A-Za-z0-9]+(\.test)?\.ooni\.(org|io)$",
 allow_origins=origins,
 allow_credentials=True,
 allow_methods=["*"],
diff --git a/ooniapi/services/oonirun/src/oonirun/main.py b/ooniapi/services/oonirun/src/oonirun/main.py
index 50b32214..90ec4197 100644
--- a/ooniapi/services/oonirun/src/oonirun/main.py
+++ b/ooniapi/services/oonirun/src/oonirun/main.py
@@ -38,11 +38,9 @@ async def lifespan(app: FastAPI):
 app, metric_namespace="ooniapi", metric_subsystem="oonirun"
 )
-# TODO: temporarily enable all
-origins = ["*"]
 app.add_middleware(
- CORSMiddleware,
+ allow_origin_regex="^https://[-A-Za-z0-9]+(\.test)?\.ooni\.(org|io)$",
 allow_credentials=True,
 allow_methods=["*"],
 allow_headers=["*"],
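Review bot: In oonimeasurements/main.py the line removed inside the call appears to be `CORSMiddleware,` rather than `allow_origins=origins,`: that reading is the only one that matches the hunk header's 11 old and 9 new lines. The result would be `app.add_middleware(` invoked without a middleware class and still referencing the deleted `origins`, so the service would fail at import instead of running with the tightened policy. The intended edit is presumably the one made in ooniauth: keep `CORSMiddleware,` and replace `allow_origins=origins,` with the `allow_origin_regex=...` line. The call closes outside the hunk, so this is worth confirming against the full file.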