Spaces:

tecuts
/

chat

Running

tecuts commited on 11 days ago

Commit

4d462b5

verified ·

1 Parent(s): b36825f

Update app.py

Files changed (1) hide show

app.py CHANGED Viewed

@@ -12,7 +12,7 @@ import logging
 # --- Security Helper Functions ---
 def verify_origin(request: Request):
-    """Verify that the request comes from an allowed origin for /chat endpoint"""
     origin = request.headers.get("origin")
     referer = request.headers.get("referer")
@@ -21,22 +21,17 @@ def verify_origin(request: Request):
         "https://www.chrunos.com"
     ]
-    # Allow localhost for development (you can remove this in production)
-    #if origin and any(origin.startswith(local) for local in ["http://localhost:", "http://127.0.0.1:"]):
-     #   return True
-    # Check origin header
-    if origin in allowed_origins:
         return True
-    # Check referer header as fallback
     if referer and any(referer.startswith(allowed) for allowed in allowed_origins):
         return True
-    raise HTTPException(
-        status_code=403,
-        detail="Access denied: This endpoint is only accessible from chrunos.com"
-    )
 # --- Configure Logging ---
 logging.basicConfig(level=logging.INFO)

 # --- Security Helper Functions ---
 def verify_origin(request: Request):
+    """Simplified check since CORS middleware handles most cases"""
     origin = request.headers.get("origin")
     referer = request.headers.get("referer")
         "https://www.chrunos.com"
     ]
+    # If origin header exists, trust CORS middleware validation
+    if origin:
         return True
+    # Fallback to referer check for non-CORS requests
     if referer and any(referer.startswith(allowed) for allowed in allowed_origins):
         return True
+    # If neither header present, log and deny
+    logger.info(f"No valid origin/referer - Origin: {origin}, Referer: {referer}")
+    raise HTTPException(status_code=403, detail="Access denied")
 # --- Configure Logging ---
 logging.basicConfig(level=logging.INFO)