blackroad-os/blackroad-operating-system
9
0
Fork 0
mirror of https://github.com/blackboxprogramming/BlackRoad-Operating-System.git synced 2026-03-17 04:57:15 -05:00
Code Issues Packages Projects Releases Wiki Activity

Fix CORS: Add production domains to ALLOWED_ORIGINS

Browse Source 
Updates ALLOWED_ORIGINS to include all BlackRoad domains, fixing the
"Access denied" error when accessing the Railway deployment.

Changes:
1. backend/app/config.py:33 - Updated default ALLOWED_ORIGINS to include:
   - https://blackroad.systems
   - https://www.blackroad.systems
   - https://os.blackroad.systems
   - https://blackroad-operating-system-production.up.railway.app
   - http://localhost:3000,http://localhost:8000 (for local dev)

2. backend/.env.example:27 - Updated template with production domains

This ensures Railway deployments work without requiring manual
environment variable configuration. The CORS middleware will now
accept requests from all BlackRoad domains.

Fixes: "Access denied" errors on production deployments
Related: DNS configuration in ops/domains.yaml
This commit is contained in:
Claude
2025-11-17 07:27:22 +00:00
parent 0c7dbe7e47
commit 77134e8b09
2 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
backend/.env.example
View File

@@ -24,7 +24,7 @@ ALGORITHM=HS256
ACCESS_TOKEN_EXPIRE_MINUTES=30
REFRESH_TOKEN_EXPIRE_DAYS=7
WALLET_MASTER_KEY=changeme-wallet-master-key
ALLOWED_ORIGINS=https://blackroad.systems,https://your-frontend.example
ALLOWED_ORIGINS=https://blackroad.systems,https://www.blackroad.systems,https://os.blackroad.systems,https://blackroad-operating-system-production.up.railway.app,http://localhost:3000,http://localhost:8000
JWT_SECRET=changeme-jwt-secret
SESSION_SECRET=changeme-session-secret
NEXTAUTH_SECRET=changeme-nextauth-secret