Skip to content

Fix CORS methods parsing to support wildcard#168

Closed
railway-app[bot] wants to merge 1 commit into
mainfrom
railway/code-change-XFZPTl
Closed

Fix CORS methods parsing to support wildcard#168
railway-app[bot] wants to merge 1 commit into
mainfrom
railway/code-change-XFZPTl

Conversation

@railway-app
Copy link
Copy Markdown
Contributor

@railway-app railway-app Bot commented May 6, 2026

Problem

FastAPI's CORSMiddleware rejects "*" as an HTTP method value, so when CORS_METHODS is set to "*" the existing comma-split logic produces ["*"], which the middleware cannot recognise. This causes every CORS preflight OPTIONS request to /api/v1/contact-messages to fail with HTTP 400, breaking the contact form.

Solution

Updated cors_methods_list in app/config/settings.py to detect the wildcard and return the full list of real HTTP method names (GET, POST, PUT, DELETE, PATCH, OPTIONS, HEAD, TRACE, CONNECT) instead of passing "*" directly to the middleware. The cors_headers_list property is also guarded to return ["*"] explicitly when the wildcard is set, since FastAPI does accept "*" for headers. Non-wildcard values continue to be split by comma as before.

Changes

  • Modified app/config/settings.py

Generated by Railway

@codecov
Copy link
Copy Markdown

codecov Bot commented May 6, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

@Azfe Azfe closed this May 6, 2026
@Azfe Azfe deleted the railway/code-change-XFZPTl branch May 6, 2026 18:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Azfe