Skip to content

Add CORS support for app.merabytes.com and local.merabytes.com#2

Merged
kn0wm4d merged 3 commits intomainfrom
copilot/add-cors-support
Dec 20, 2025
Merged

Add CORS support for app.merabytes.com and local.merabytes.com#2
kn0wm4d merged 3 commits intomainfrom
copilot/add-cors-support

Conversation

Copy link
Contributor

Copilot AI commented Dec 20, 2025
edited
Loading

The Lambda function needs to accept requests from multiple frontend domains: app.merabytes.com and local.merabytes.com in addition to the existing secrets.merabytes.com.

Changes

Dynamic origin validation

  • Extract Origin header from requests (case-insensitive)
  • Match against allowed origins whitelist
  • Return matched origin in Access-Control-Allow-Origin response header
  • Default to first allowed origin if no match

Configuration

  • Default origins: secrets.merabytes.com, app.merabytes.com, local.merabytes.com
  • Support comma-separated CORS_ORIGIN env var: https://app1.com,https://app2.com
  • Filter empty strings and whitespace from parsed values

Implementation

# New helper functions
def _extract_origin(event):
    headers = event.get('headers', {})
    for key, value in headers.items():
        if key.lower() == 'origin':
            return value
    return None

def _get_cors_headers(origin=None):
    allowed_origin = ALLOWED_ORIGINS[0]
    if origin and origin in ALLOWED_ORIGINS:
        allowed_origin = origin
    return {"Access-Control-Allow-Origin": allowed_origin, ...}

# Applied at request start
def lambda_handler(event, context):
    origin = _extract_origin(event)
    CORS_HEADERS = _get_cors_headers(origin)
    # ... rest of handler

Backward compatible: existing single-origin configurations continue to work.

Original prompt

Add CORS support for app.merabytes.com and local.merabytes.com

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

Copilot AI self-assigned this Dec 20, 2025
Copilot AI and others added 2 commits December 20, 2025 20:03
@kn0wm4d
Implement dynamic CORS support for multiple origins
f539f0b 
- Add support for app.merabytes.com and local.merabytes.com
- Implement dynamic origin validation and matching
- Extract Origin header from request and validate against allowed list
- Return matching origin in CORS response header
- Support comma-separated CORS_ORIGIN env variable for custom origins
- Update documentation with multi-origin CORS configuration examples

Co-authored-by: kn0wm4d <15344287+kn0wm4d@users.noreply.github.com>
@kn0wm4d
Address code review feedback
777f524 
- Filter out empty strings when parsing CORS_ORIGIN env variable
- Add fallback to default origins if parsed list is empty
- Implement case-insensitive Origin header lookup
- Add clarifying comment about Lambda execution context safety
- Add comprehensive edge case testing

Co-authored-by: kn0wm4d <15344287+kn0wm4d@users.noreply.github.com>
Copilot AI changed the title [WIP] Add CORS support for app and local subdomains Add CORS support for app.merabytes.com and local.merabytes.com Dec 20, 2025
Copilot AI requested a review from kn0wm4d December 20, 2025 20:09
@kn0wm4d
Copy link
Contributor

kn0wm4d commented Dec 20, 2025

@copilot It has to support the three origins by default

@kn0wm4d kn0wm4d marked this pull request as ready for review December 20, 2025 20:15
@kn0wm4d kn0wm4d merged commit 500935a into main Dec 20, 2025
3 of 4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kn0wm4d kn0wm4d Awaiting requested review from kn0wm4d

Assignees

@kn0wm4d kn0wm4d

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@kn0wm4d