skills/deerflow2
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
2eb11f97ab
deerflow2/backend/app/gateway
History
AochenShen99 c3bc6c7cd5
fix(nginx): defer CORS to gateway allowlist (#2861) 
* fix(nginx): defer cors to gateway allowlist

Remove proxy-level wildcard CORS handling so browser origins are controlled by the Gateway allowlist and stay aligned with CSRF origin checks.

* docs: document gateway cors allowlist

Clarify that same-origin nginx access needs no CORS headers while split-origin or port-forwarded browser clients must opt in with GATEWAY_CORS_ORIGINS.

* docs(gateway): record cors source of truth

Document that Gateway CORSMiddleware and CSRFMiddleware share GATEWAY_CORS_ORIGINS as the split-origin source of truth.

* fix(gateway): align cors origin normalization

* docs: clarify gateway langgraph routing

* docs(gateway): update runtime routing note
2026-05-11 17:38:37 +08:00
..
auth fix(security): harden auth system and fix run journal logic bug (#2593) 2026-04-28 11:34:07 +08:00
routers fix: use backend thread token usage for header total (#2800) 2026-05-09 19:40:32 +08:00
__init__.py refactor: split backend into harness (deerflow.*) and app (app.*) (#1131) 2026-03-14 22:55:52 +08:00
app.py fix(nginx): defer CORS to gateway allowlist (#2861) 2026-05-11 17:38:37 +08:00
auth_middleware.py feat: implement process-local internal authentication for Gateway and enhance CSRF handling 2026-04-26 22:20:57 +08:00
authz.py fix(security): harden auth system and fix run journal logic bug (#2593) 2026-04-28 11:34:07 +08:00
config.py fix(nginx): defer CORS to gateway allowlist (#2861) 2026-05-11 17:38:37 +08:00
csrf_middleware.py fix(nginx): defer CORS to gateway allowlist (#2861) 2026-05-11 17:38:37 +08:00
deps.py refactor: thread release config through lead path (#2612) 2026-04-28 14:53:18 +08:00
internal_auth.py feat: implement process-local internal authentication for Gateway and enhance CSRF handling 2026-04-26 22:20:57 +08:00
langgraph_auth.py fix(security): harden auth system and fix run journal logic bug (#2593) 2026-04-28 11:34:07 +08:00
path_utils.py feat(persistence): per-user filesystem isolation, run-scoped APIs, and state/history simplification (#2153) 2026-04-26 11:13:01 +08:00
services.py fix: keep new agent bootstrap in user scope (#2784) 2026-05-09 19:43:50 +08:00
utils.py feat(persistence): add unified persistence layer with event store, token tracking, and feedback (#1930) 2026-04-26 11:05:47 +08:00