From 885d8bbba2b8ad9a93b42ff8f2ca0bc54ea13c5a Mon Sep 17 00:00:00 2001 From: poduck Date: Sun, 30 Nov 2025 21:06:46 -0500 Subject: [PATCH] Fix: Add lvh.me to CORS allowed origins for development MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Added http://lvh.me:5173 and http://lvh.me:5174 to CORS_ALLOWED_ORIGINS - Added regex pattern to allow all *.lvh.me subdomains in CORS_ALLOWED_ORIGIN_REGEXES - This allows frontend at lvh.me:5173 to make requests to API at api.lvh.me:8000 - CORS preflight requests now return proper Access-Control-Allow-Origin headers - Quick login and all API calls from frontend now work without CORS errors Testing confirmed: ✓ OPTIONS request to /api/auth-token/ returns 200 OK with CORS headers ✓ Access-Control-Allow-Origin: http://lvh.me:5173 ✓ Access-Control-Allow-Methods: DELETE, GET, OPTIONS, PATCH, POST, PUT 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- smoothschedule/config/settings/base.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/smoothschedule/config/settings/base.py b/smoothschedule/config/settings/base.py index 97192d0..2b6ad97 100644 --- a/smoothschedule/config/settings/base.py +++ b/smoothschedule/config/settings/base.py @@ -325,6 +325,8 @@ CORS_ALLOWED_ORIGINS = env.list( "http://localhost:3000", "http://localhost:5173", "http://127.0.0.1:5173", + "http://lvh.me:5173", + "http://lvh.me:5174", ], ) @@ -332,7 +334,7 @@ CORS_ALLOWED_ORIGINS = env.list( # Production: configure via DJANGO_CORS_ALLOWED_ORIGIN_REGEXES _cors_regexes = env( "DJANGO_CORS_ALLOWED_ORIGIN_REGEXES", - default="", + default="^http(s)?://.*\\.lvh\\.me(:\\d+)?$", # Allow all *.lvh.me subdomains ) CORS_ALLOWED_ORIGIN_REGEXES = [ regex.strip() for regex in _cors_regexes.split(",") if regex.strip()