Copilot AI commented Dec 20, 2025

The Lambda function needs to accept requests from multiple frontend domains: app.merabytes.com and local.merabytes.com in addition to the existing secrets.merabytes.com.

Changes

Dynamic origin validation

  • Extract Origin header from requests (case-insensitive)
  • Match against allowed origins whitelist
  • Return matched origin in Access-Control-Allow-Origin response header
  • Default to first allowed origin if no match

Configuration

  • Default origins: secrets.merabytes.com, app.merabytes.com, local.merabytes.com
  • Support comma-separated CORS_ORIGIN env var: https://app1.com,https://app2.com
  • Filter empty strings and whitespace from parsed values

Implementation

# New helper functions
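def _extract_origin(event):
    # 'headers' may be missing or None, so fall back to an empty dict
    headers = event.get('headers') or {}
    for key, value in headers.items():
        # Header names are case-insensitive
        if key.lower() == 'origin':
            return value
    return None

def _get_cors_headers(origin=None):
    # ALLOWED_ORIGINS: module-level list parsed from CORS_ORIGIN (or the defaults)
    # Fall back to the first allowed origin unless the request's Origin is an exact match
    allowed_origin = ALLOWED_ORIGINS[0]
    if origin and origin in ALLOWED_ORIGINS:
        allowed_origin = origin
    return {"Access-Control-Allow-Origin": allowed_origin}  # ... other CORS headers elided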

# Applied at request start
def lambda_handler(event, context):
    origin = _extract_origin(event)
    CORS_HEADERS = _get_cors_headers(origin)
    # ... rest of handler

Backward compatible: existing single-origin configurations continue to work.

Original prompt

Add CORS support for app.merabytes.com and local.merabytes.com
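
The origin handling described in this pull request, written out as an added example (not code from the PR or the repository). The `https://` scheme on the default origins, the trailing-slash normalisation, the `Vary: Origin` response header and the un-prefixed function names are assumptions of this sketch; the other CORS headers the PR elides are left out.

```python
import os

# Assumption: the page lists the default hosts without a scheme; https:// is assumed.
DEFAULT_ORIGINS = [
    "https://secrets.merabytes.com",
    "https://app.merabytes.com",
    "https://local.merabytes.com",
]


def parse_allowed_origins(raw):
    """Parse a comma-separated CORS_ORIGIN value into an exact-match allowlist."""
    origins = []
    for item in (raw or "").split(","):
        # Browsers send Origin without a trailing slash, so "https://x/" would never match.
        item = item.strip().rstrip("/")
        if item and item not in origins:
            origins.append(item)
    # An empty or whitespace-only value falls back to the defaults.
    return origins or list(DEFAULT_ORIGINS)


def extract_origin(event):
    """Return the Origin request header, looked up case-insensitively."""
    headers = event.get("headers") or {}  # headers may be missing or None
    for key, value in headers.items():
        if key.lower() == "origin":
            return value
    return None


def cors_headers(origin, allowed):
    """Echo the origin only on an exact allowlist hit, else the first allowed origin."""
    # Exact comparison: no substring, suffix or regex matching on the host.
    matched = origin if origin in allowed else allowed[0]
    return {
        "Access-Control-Allow-Origin": matched,
        # The response now differs per Origin, so shared caches must key on it.
        "Vary": "Origin",
    }


def lambda_handler(event, context, allowed=None):
    allowed = allowed or parse_allowed_origins(os.environ.get("CORS_ORIGIN"))
    headers = cors_headers(extract_origin(event), allowed)
    return {"statusCode": 200, "headers": headers, "body": ""}
```

An origin that is not on the list still gets a response, but its `Access-Control-Allow-Origin` names the first allowed origin, so the browser refuses to expose the response to the calling page.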



Copilot AI self-assigned this Dec 20, 2025
Copilot AI and others added 2 commits December 20, 2025 20:03
- Add support for app.merabytes.com and local.merabytes.com
- Implement dynamic origin validation and matching
- Extract Origin header from request and validate against allowed list
- Return matching origin in CORS response header
- Support comma-separated CORS_ORIGIN env variable for custom origins
- Update documentation with multi-origin CORS configuration examples

Co-authored-by: kn0wm4d <15344287+kn0wm4d@users.noreply.github.com>
- Filter out empty strings when parsing CORS_ORIGIN env variable
- Add fallback to default origins if parsed list is empty
- Implement case-insensitive Origin header lookup
- Add clarifying comment about Lambda execution context safety
- Add comprehensive edge case testing

Co-authored-by: kn0wm4d <15344287+kn0wm4d@users.noreply.github.com>
Copilot AI changed the title [WIP] Add CORS support for app and local subdomains Add CORS support for app.merabytes.com and local.merabytes.com Dec 20, 2025
Copilot AI requested a review from kn0wm4d December 20, 2025 20:09
kn0wm4d commented Dec 20, 2025

@copilot It has to support the three origins by default

@kn0wm4d kn0wm4d marked this pull request as ready for review December 20, 2025 20:15
@kn0wm4d kn0wm4d merged commit 500935a into main Dec 20, 2025
3 of 4 checks passed