fix(docker): configure CORS for frontend in docker-compose#1700
fix(docker): configure CORS for frontend in docker-compose#1700anshul23102 wants to merge 2 commits into
Conversation
utksh1
left a comment
There was a problem hiding this comment.
Thanks for the contribution. The Docker/CORS idea may be useful, but this PR needs to be narrowed before it can be reviewed safely:\n\n1. The PR title says fix(docker): configure CORS for frontend in docker-compose, but the diff also includes a substantial unrelated parser-sandbox / network-isolation change. Please split that into a separate PR.\n2. Add focused validation for the Docker/CORS part itself. Right now the PR does not include clear coverage proving the compose change is needed and correct.\n3. Keep this PR single-purpose: Docker/CORS only.\n\nOnce the unrelated security/parser changes are removed and the scope is clean, I’m happy to re-review this.
Issue utksh1#1622: the docker-compose configuration was missing CORS setup for the frontend service. Frontend runs on port 5173, API on port 8081, both accessible via multiple origins (localhost, 127.0.0.1, and the Docker service name 'frontend'). Without explicit CORS_ALLOWED_ORIGINS, the backend's CORS middleware would reject requests from the frontend, blocking API calls. Fix: set SECUSCAN_CORS_ALLOWED_ORIGINS environment variable in the api service to allow requests from http://localhost:5173, http://127.0.0.1:5173, and http://frontend:5173 (Docker internal DNS). This ensures the frontend can make API calls whether accessed via localhost, IP, or internal Docker service name. Fixes utksh1#1622
Parses docker-compose.yml directly (no Docker required) to assert the api service sets SECUSCAN_CORS_ALLOWED_ORIGINS and that it covers every origin the frontend can be reached through: localhost, 127.0.0.1, and the Docker-internal 'frontend' service DNS name. Addresses review feedback on utksh1#1700 asking for focused validation that the compose change is needed and correct.
844f946 to
1a18834
Compare
|
Thanks for the review -- done. Pushed a cleaned-up branch:
Ready for another look. |
Fixes #1622
The docker-compose configuration was missing CORS setup for the frontend service. Frontend runs on port 5173, API on port 8081. Without explicit CORS_ALLOWED_ORIGINS, the backend's CORS middleware would reject requests from the frontend, blocking API calls.
Fix: set SECUSCAN_CORS_ALLOWED_ORIGINS environment variable in the api service to allow requests from:
This ensures the frontend can make API calls whether accessed via localhost, IP, or internal Docker service name.