From 842e7f524b37218a4a24b05da094daf3bcb2dcb5 Mon Sep 17 00:00:00 2001
From: kolaente
Date: Wed, 11 Jun 2025 14:27:32 +0200
Subject: [PATCH] fix: always add public url to allowed cors origins

This fixes a bug where it was not possible to do anything because the public url was not allowed by default for CORS requests.
Regression from 433b8b9115e81aac364ea7261ccfdfaa5652c948
Resolves https://github.com/go-vikunja/vikunja/issues/916
---
 pkg/config/config.go | 3 +++
 pkg/routes/routes.go | 1 +
 2 files changed, 4 insertions(+)

diff --git a/pkg/config/config.go b/pkg/config/config.go
index d135be288..0d3e91b88 100644
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -599,6 +599,9 @@ func InitConfig() {
 if DefaultSettingsTimezone.GetString() == "" {
 DefaultSettingsTimezone.Set(ServiceTimeZone.GetString())
 }
+
+ publicURL := strings.TrimSuffix(ServicePublicURL.GetString(), "/")
+ CorsOrigins.Set(append(CorsOrigins.GetStringSlice(), publicURL))
 }

 func random(length int) (string, error) {
diff --git a/pkg/routes/routes.go b/pkg/routes/routes.go
index 4bd67a4d0..ea2ae1440 100644
--- a/pkg/routes/routes.go
+++ b/pkg/routes/routes.go
@@ -182,6 +182,7 @@ func RegisterRoutes(e *echo.Echo) {

 // CORS
 if config.CorsEnable.GetBool() {
+ log.Debugf("CORS enabled with origins: %s", strings.Join(config.CorsOrigins.GetStringSlice(), ", "))
 e.Use(middleware.CORSWithConfig(middleware.CORSConfig{
 AllowOrigins: config.CorsOrigins.GetStringSlice(),
 MaxAge: config.CorsMaxAge.GetInt(),
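Review bot: `strings.TrimSuffix(ServicePublicURL.GetString(), "/")` produces a URL rather than an origin, so the entry appended to `CorsOrigins` in `InitConfig` is only correct when the public URL has no path. If the instance is served from a sub-directory (assuming that is a supported setup), the stored value keeps the path and can never equal a browser's `Origin` header, which carries scheme, host and port only. An unset public URL would likewise append an empty string, and an origin already listed is appended a second time. Parsing the value with `url.Parse` and appending `u.Scheme + "://" + u.Host` only when both parts are non-empty and the origin is not already present would cover these cases; it needs `net/url` in the import block if the file does not already have it. The body of `InitConfig` starts outside the hunk.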
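Review bot: The debug line in `RegisterRoutes` joins the origins with `%s`, which makes an empty or whitespace-padded entry invisible in the output, and those are the entries that matter when diagnosing a rejected cross-origin request. Formatting the slice with `%q` shows each entry quoted: `log.Debugf("CORS enabled with origins: %q", config.CorsOrigins.GetStringSlice())`. Since this is the effective allow-list, it may also be worth logging at warning level when the list contains `*`, so an over-broad policy is visible without debug logging enabled. The function body continues outside the hunk.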