fix(backend): always allow localhost CORS for desktop app

2026-05-05 22:02:39 +02:00 · 2026-03-17 19:00:21 +02:00 · 2026-03-17 19:00:21 +02:00 · 8cf12db72a
commit 8cf12db72a
parent d4ad5c7fe4
1 changed files with 6 additions and 10 deletions
--- a/surfsense_backend/app/app.py
+++ b/surfsense_backend/app/app.py
@ -340,16 +340,12 @@ if config.NEXT_FRONTEND_URL:
        if www_url not in allowed_origins:
            allowed_origins.append(www_url)

-# For local development, also allow common localhost origins
-if not config.BACKEND_URL or (
-    config.NEXT_FRONTEND_URL and "localhost" in config.NEXT_FRONTEND_URL
-):
-    allowed_origins.extend(
-        [
-            "http://localhost:3000",
-            "http://127.0.0.1:3000",
-        ]
-    )
+allowed_origins.extend(
+    [ # For local development and desktop app
+        "http://localhost:3000",
+        "http://127.0.0.1:3000",
+    ]
+)

 app.add_middleware(
    CORSMiddleware,