From 03f71fd2572ca2122574ccc61e8fa5a963bb76e1 Mon Sep 17 00:00:00 2001 From: Alex Shnitman Date: Mon, 13 Apr 2026 19:02:27 +0300 Subject: [PATCH] fix asterisk CORS_ALLOWED_ORIGINS, mentioned in #955 --- app/main.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/main.py b/app/main.py index 7269c8c..62084c8 100644 --- a/app/main.py +++ b/app/main.py @@ -915,7 +915,7 @@ app.router.add_route('OPTIONS', config.URL_PREFIX + 'delete-cookies', add_cors) async def on_prepare(request, response): origin = request.headers.get('Origin') - if origin and _cors_origins and origin in _cors_origins: + if origin and _cors_origins and ('*' in _cors_origins or origin in _cors_origins): response.headers['Access-Control-Allow-Origin'] = origin response.headers['Access-Control-Allow-Headers'] = 'Content-Type'