Skip to content

Invalid origins and credentials CORS combination. #7

New issue
New issue
Open
Open
Invalid origins and credentials CORS combination.#7
@noeltom30

Description

@noeltom30
noeltom30
opened on Jan 9, 2026

Location: SakhiCircle/backend/main.py (Lines 46-52)

Allows credentials and wildcard origins which is a security risk.

app.add_middleware(
    CORSMiddleware,
    allow_origins=["*"],  
    allow_credentials=True,
    allow_methods=["*"],
    allow_headers=["*"],
)

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions