From 87f711dfc422848e2d2189f8d11c616c382bae1e Mon Sep 17 00:00:00 2001
From: Tom Cope <13124675+copethomas@users.noreply.github.com>
Date: Sat, 9 Aug 2025 17:53:30 +0100
Subject: [PATCH 1/3] Removed wildcard CORS from allowlist
---
 src/codegate/server.py | 4 ----
 1 file changed, 4 deletions(-)
diff --git a/src/codegate/server.py b/src/codegate/server.py
index 216cdae85..4da49aec7 100644
--- a/src/codegate/server.py
+++ b/src/codegate/server.py
@@ -59,10 +59,6 @@ async def log_user_agent(request: Request, call_next):
 app.add_middleware(
 CORSMiddleware,
- allow_origins=["*"],
- allow_credentials=True,
- allow_methods=["*"],
- allow_headers=["*"],
 )
 # Apply error handling middleware
 app.add_middleware(ServerErrorMiddleware, handler=custom_error_handler)
From b0794ea8a4ed56383612abf84da3c9a2c6125fa5 Mon Sep 17 00:00:00 2001
From: Tom Cope <13124675+copethomas@users.noreply.github.com>
Date: Sat, 9 Aug 2025 18:26:17 +0100
Subject: [PATCH 2/3] Update README.md
---
 README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 93bb9cec3..a1e0bd4bb 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
-# ⚠️ DEPRECATED ⚠️
+# Patached CodeGate - Fixing CORS Vuln
-CodeGate was an experimental project and is no longer maintained.
+This is a fork of the CodeGate project fixing CORS security issue explained in my blog post here: https://tomcope.com/exploit/2025-05-19-codegate-exploit/
From 27b3ac6586f2870c0e744340c24384579afb2580 Mon Sep 17 00:00:00 2001
From: Tom Cope <13124675+copethomas@users.noreply.github.com>
Date: Sat, 9 Aug 2025 18:29:14 +0100
Subject: [PATCH 3/3] Update README.md
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index a1e0bd4bb..c23152bfb 100644
--- a/README.md
+++ b/README.md
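Review bot: The CORSMiddleware registration left on the new side of the server.py hunk carries no options at all, so (assuming this is Starlette's CORSMiddleware, as the Request and ServerErrorMiddleware names suggest) it runs with the library defaults of allow_origins=(), allow_methods=("GET",) and allow_credentials=False and refuses every cross-origin browser request, including preflights, which is stricter than the subject line's "allowlist" wording implies and is not stated anywhere in the code. I would either remove the now-empty middleware or annotate it, e.g. `# No cross-origin access is granted: the former wildcard origin combined with allow_credentials=True let any site send credentialed requests to this API.` If a browser client on another origin is legitimately expected, the fix should be an explicit, configurable origin list rather than the wildcard, e.g. `allow_origins=[<trusted origins from configuration>]`, with credentials enabled only alongside explicit origins and never with `"*"`. The surrounding middleware setup continues on both sides of the hunk, so I cannot tell from here whether any other origin configuration exists.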
@@ -1,6 +1,6 @@
 # Patached CodeGate - Fixing CORS Vuln
-This is a fork of the CodeGate project fixing CORS security issue explained in my blog post here: https://tomcope.com/exploit/2025-05-19-codegate-exploit/
+This is a fork of the CodeGate project fixing CORS security issue explained in my blog post here: https://tomcope.com/exploit/2025-08-10-codegate-exploit/