CORS Middleware: trim trailing space in allowed_origins #2735

Unanswered

sultaniman asked this question in Potential Issue

sultaniman
Oct 22, 2024

Hey all,

At the moment the middleware is unable to match origin if the given origins contains trailing slash.

app.add_middleware(
    CORSMiddleware,
    allow_origins=["http://localhost:5173/"]    # trailing /
    ...
)

When the browser sends the Origin header the CORSMiddleware.is_allowed_origin is not able to match it

Host: localhost:8000
Origin: http://localhost:5173

https://github.com/encode/starlette/blob/master/starlette/middleware/cors.py#L95-L102

I know it is a half measure but still wondering if we need to trim trailing slash from allowed_origins?

Replies: 0 comments

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment