Stealth CORS with Origin Reflection and Reliable Logging

This commit is contained in:
2026-02-10 22:25:12 +08:00
parent a05c88f6d5
commit 692964625d
2 changed files with 16 additions and 11 deletions


@@ -3,23 +3,23 @@
} }
ai-gateway.ldex.dev { ai-gateway.ldex.dev {
# Log all requests to stdout
log { log {
output stdout output stdout
} }
# 1. Force CORS headers and DELETE duplicates from backend # Stealth CORS: Reflect the requester's origin instead of using "*"
# This avoids the "*, *" duplication and looks less suspicious to Zscaler
header { header {
-Access-Control-Allow-Origin Access-Control-Allow-Origin "{header.Origin}"
-Access-Control-Allow-Methods
-Access-Control-Allow-Headers
Access-Control-Allow-Origin *
Access-Control-Allow-Methods "GET, POST, OPTIONS" Access-Control-Allow-Methods "GET, POST, OPTIONS"
Access-Control-Allow-Headers "*" Access-Control-Allow-Headers "*"
Access-Control-Expose-Headers "*" Access-Control-Expose-Headers "*"
Access-Control-Allow-Credentials "true"
# 'defer' ensures we override any headers sent by the backend
defer
} }
# 2. Immediately handle OPTIONS requests # Handle preflights immediately
@options { @options {
method OPTIONS method OPTIONS
} }
@@ -27,6 +27,5 @@ ai-gateway.ldex.dev {
respond "" 204 respond "" 204
} }
# 3. Proxy everything else
reverse_proxy ai-gateway:8000 reverse_proxy ai-gateway:8000
} }
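Review bot: Reflecting `{header.Origin}` into Access-Control-Allow-Origin while also adding `Access-Control-Allow-Credentials "true"` (the two new lines in the header block) lets a page on any origin make credentialed cross-origin requests to ai-gateway.ldex.dev and read the responses in the browser, which is strictly weaker than the `*` it replaces, since browsers refuse to attach credentials to a `*` response. The reflection also runs when no Origin header is present, so the placeholder expands to an empty value and an empty `Access-Control-Allow-Origin:` header is sent on every plain request. If the intent is a fixed set of front-ends, gate the headers on a named matcher over the allowed origins and add `+Vary Origin` so shared caches do not replay one origin's response to another; the `*` values on Allow-Headers/Expose-Headers are also not honoured by browsers once credentials are enabled and would need explicit names. The rest of the site block, including the `@options` handler and `reverse_proxy`, can stay as it is.
```caddyfile
    # Only echo origins on the allowlist; other origins get no CORS headers at all
    @cors_allowed header Origin https://ALLOWED-ORIGIN-PLACEHOLDER
    header @cors_allowed {
        Access-Control-Allow-Origin "{header.Origin}"
        Access-Control-Allow-Credentials "true"
        +Vary Origin
        # … unchanged: Allow-Methods / Allow-Headers / Expose-Headers / defer …
    }
```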


@@ -3,6 +3,12 @@ from fastapi import FastAPI, Request
from slowapi import _rate_limit_exceeded_handler from slowapi import _rate_limit_exceeded_handler
from slowapi.errors import RateLimitExceeded from slowapi.errors import RateLimitExceeded
import logging
# Set up logging to stdout
logging.basicConfig(level=logging.INFO)
logger = logging.getLogger("ai_gateway")
from app.api.router import api_router from app.api.router import api_router
from app.core.config import settings from app.core.config import settings
from app.core.limiter import limiter from app.core.limiter import limiter
@@ -34,10 +40,10 @@ def create_application() -> FastAPI:
# Debug Logger Middleware # Debug Logger Middleware
@application.middleware("http") @application.middleware("http")
async def log_requests(request: Request, call_next): async def log_requests(request: Request, call_next):
print(f"DEBUG: Incoming {request.method} {request.url}") logger.info(f"DEBUG: Incoming {request.method} {request.url}")
print(f"DEBUG: Origin: {request.headers.get('origin')}") logger.info(f"DEBUG: Origin: {request.headers.get('origin')}")
response = await call_next(request) response = await call_next(request)
print(f"DEBUG: Status Code: {response.status_code}") logger.info(f"DEBUG: Status Code: {response.status_code}")
return response return response
# Set up Rate Limiter (CORS is handled by Caddy at the edge) # Set up Rate Limiter (CORS is handled by Caddy at the edge)
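Review bot: The new `logger.info(f"DEBUG: Incoming {request.method} {request.url}")` line writes the full URL, query string included, to stdout at INFO, so any key or token a client passes as a query parameter ends up in the gateway's persistent logs; logging `request.url.path` keeps the useful part without the secret, e.g. `logger.info("Incoming %s %s", request.method, request.url.path)`. Using `%s` arguments instead of f-strings also fixes the logging style point that the message is formatted even when INFO is disabled, and the literal "DEBUG:" prefix on INFO-level records is misleading and should either go or the calls should become `logger.debug`. The same applies to the Origin and status-code lines in this hunk; the Origin value is attacker-controlled and is written verbatim, which is fine for a plain-text log but worth keeping in mind if the output is ever parsed. `log_requests` is nested inside `create_application`, which starts outside the hunk, and the first hunk places `import logging` and `logging.basicConfig(...)` between import lines, so the module configures logging as a side effect of being imported.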