nessi/NexaPantry
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: support comma-separated CORS_ORIGINS environment variable
Some checks failed
CI / backend (push) Successful in 23s
Details
CI / frontend (push) Successful in 41s
Details
CI / docker (push) Failing after 56s
Details

Browse Source 
Add NoDecode annotation to cors_origins field in Settings to properly parse comma-separated values from environment variables. Add test to verify CORS_ORIGINS accepts comma-separated list.
This commit is contained in:
Sascha Nesterovic
2026-06-04 10:43:15 +02:00
parent 9466c5a3b3
commit 10a06791db
2 changed files with 14 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
backend/app/tests/test_security.py
View File

@@ -1,3 +1,4 @@
from app.core.config import Settings
from app.core.security import hash_password, hash_token, verify_password
@@ -12,3 +13,13 @@ def test_tokens_are_hashed() -> None:
assert hash_token("secret") == hash_token("secret")
assert hash_token("secret") != "secret"
def test_cors_origins_accept_comma_separated_env(monkeypatch) -> None:
monkeypatch.setenv("JWT_SECRET_KEY", "test-jwt-secret")
monkeypatch.setenv("SETTINGS_SECRET_KEY", "test-settings-secret")
monkeypatch.setenv("CORS_ORIGINS", "http://localhost,http://localhost:5173")
settings = Settings()
assert settings.cors_origins == ["http://localhost", "http://localhost:5173"]