diff --git a/README.md b/README.md
index 93bb9cec..c23152bf 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
-# ⚠️ DEPRECATED ⚠️
+# Patached CodeGate - Fixing CORS Vuln
-CodeGate was an experimental project and is no longer maintained.
+This is a fork of the CodeGate project fixing CORS security issue explained in my blog post here: https://tomcope.com/exploit/2025-08-10-codegate-exploit/
diff --git a/src/codegate/server.py b/src/codegate/server.py
index 216cdae8..4da49aec 100644
--- a/src/codegate/server.py
+++ b/src/codegate/server.py
@@ -59,10 +59,6 @@ async def log_user_agent(request: Request, call_next):
 app.add_middleware(
 CORSMiddleware,
- allow_origins=["*"],
- allow_credentials=True,
- allow_methods=["*"],
- allow_headers=["*"],
 )
 # Apply error handling middleware
 app.add_middleware(ServerErrorMiddleware, handler=custom_error_handler)
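Review bot: The `app.add_middleware(CORSMiddleware,)` call left in src/codegate/server.py now depends entirely on the middleware's implicit defaults, and nothing in the code records that this is deliberate. Assuming this is the Starlette/FastAPI `CORSMiddleware`, those defaults allow no origins and no credentials, so the fix is sound, but a later edit could quietly restore the wildcard. I would either remove the call or state the policy above it, e.g. `# CORS: no cross-origin access; add exact trusted origins only, never "*" with allow_credentials=True`. If any UI is served from a different origin than this API, it will need an explicit `allow_origins=[...]` entry, which is worth confirming before release. CORS only controls whether a browser lets another origin read responses, so state-changing endpoints still need their own authentication or Origin/Host validation; the enclosing function starts and ends outside the hunk.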