Skip to content

Restrict Flask-CORS to frontend domain#270

Open
Muskankr wants to merge 1 commit into
thetechguardians:mainfrom
Muskankr:fix/cors-restriction
Open

Restrict Flask-CORS to frontend domain#270
Muskankr wants to merge 1 commit into
thetechguardians:mainfrom
Muskankr:fix/cors-restriction

Conversation

@Muskankr

Copy link
Copy Markdown

Fixes #264

Changes:

  • Added flask-cors to requirements.txt.
  • Restricted CORS configuration in backend/init.py to the deployed frontend domain.
  • Prevents wildcard (*) exposure.

Result:
Only the intended frontend can call the API, reducing security risks from arbitrary origins.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Flask-CORS appears configured to allow all origins

1 participant