ldraney/mcd-tracker-api
Archived
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: use CORS origin regex for Tailscale domain #19

Merged
forgejo_admin merged 1 commit from 18-use-cors-origin-regex-for-tailscale-doma into main 2026-03-17 07:51:30 +00:00
Conversation 1 Commits 1 Files changed 2 +7 -3
forgejo_admin commented 2026-03-17 07:43:47 +00:00
Contributor
Copy link

Summary

Replaces the hardcoded CORS origin list with allow_origin_regex matching any *.tail5b443a.ts.net hostname. Eliminates the need to update CORS configuration and redeploy the API every time a new Tailscale dev funnel is created.

Changes

  • src/mcd_tracker_api/config.py: Added tailscale_domain setting (default tail5b443a.ts.net) to the pydantic-settings Settings class, configurable via MCD_TRACKER_TAILSCALE_DOMAIN env var.
  • src/mcd_tracker_api/main.py: Replaced three hardcoded Tailscale origins with a single allow_origin_regex built from settings.tailscale_domain using re.escape. Non-Tailscale origins (capacitor://localhost, http://localhost, http://localhost:5173) remain as explicit allow_origins entries.

Test Plan

  • App imports cleanly and generated regex is correct: https://.*\.tail5b443a\.ts\.net
  • ruff format and ruff check pass with no issues
  • Tests pass in CI (144 tests require PostgreSQL service container, unavailable locally)
  • Manual verification: new Tailscale funnels get CORS access without redeployment

Review Checklist

  • No secrets committed
  • No unnecessary file changes
  • Commit messages are descriptive

Related

## Summary Replaces the hardcoded CORS origin list with `allow_origin_regex` matching any `*.tail5b443a.ts.net` hostname. Eliminates the need to update CORS configuration and redeploy the API every time a new Tailscale dev funnel is created. ## Changes - `src/mcd_tracker_api/config.py`: Added `tailscale_domain` setting (default `tail5b443a.ts.net`) to the pydantic-settings `Settings` class, configurable via `MCD_TRACKER_TAILSCALE_DOMAIN` env var. - `src/mcd_tracker_api/main.py`: Replaced three hardcoded Tailscale origins with a single `allow_origin_regex` built from `settings.tailscale_domain` using `re.escape`. Non-Tailscale origins (`capacitor://localhost`, `http://localhost`, `http://localhost:5173`) remain as explicit `allow_origins` entries. ## Test Plan - [x] App imports cleanly and generated regex is correct: `https://.*\.tail5b443a\.ts\.net` - [x] ruff format and ruff check pass with no issues - [ ] Tests pass in CI (144 tests require PostgreSQL service container, unavailable locally) - [ ] Manual verification: new Tailscale funnels get CORS access without redeployment ## Review Checklist - [x] No secrets committed - [x] No unnecessary file changes - [x] Commit messages are descriptive ## Related - Closes #18
feat: use CORS origin regex for Tailscale domain
All checks were successful
ci/woodpecker/pr/woodpecker Pipeline was successful
Details
082b412a3f 
Replaces hardcoded CORS origin list with allow_origin_regex matching
any *.tail5b443a.ts.net hostname. Eliminates need to update CORS and
redeploy the API every time a new Tailscale dev funnel is created.

Non-Tailscale origins (capacitor://localhost, http://localhost) remain
as explicit allow_origins entries.

Closes #18

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
forgejo_admin commented 2026-03-17 07:44:12 +00:00
Author
Contributor
Copy link

Review -- Pass

Reviewed the 2-file diff. No issues found.

config.py: New tailscale_domain setting follows existing pydantic-settings pattern, correct MCD_TRACKER_ prefix, sensible default.

main.py: re.escape properly escapes dots in the domain for regex safety. allow_origin_regex is the correct CORSMiddleware parameter. Non-Tailscale origins remain as explicit allow_origins. Minimal and correct.

No fixes needed. Ready for merge.

## Review -- Pass Reviewed the 2-file diff. No issues found. **config.py**: New `tailscale_domain` setting follows existing pydantic-settings pattern, correct `MCD_TRACKER_` prefix, sensible default. **main.py**: `re.escape` properly escapes dots in the domain for regex safety. `allow_origin_regex` is the correct CORSMiddleware parameter. Non-Tailscale origins remain as explicit `allow_origins`. Minimal and correct. No fixes needed. Ready for merge.
forgejo_admin deleted branch 18-use-cors-origin-regex-for-tailscale-doma 2026-03-17 07:51:30 +00:00
Commenting is not possible because the repository is archived.
Reviewers
No reviewers
Labels
Clear labels
No items
No labels
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
ldraney/mcd-tracker-api!19
No description provided.