From e6af8d207a2931e112ad3ec167b66062e8c0de7a Mon Sep 17 00:00:00 2001 From: Alex Newman Date: Thu, 5 Feb 2026 18:11:51 -0500 Subject: [PATCH] MAESTRO: Close duplicate CORS PR #926 in favor of merged PR #917 Co-Authored-By: Claude Opus 4.6 --- Auto Run Docs/PR-Triage/PR-Triage-03.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Auto Run Docs/PR-Triage/PR-Triage-03.md b/Auto Run Docs/PR-Triage/PR-Triage-03.md index f3b671eb..04e5d05d 100644 --- a/Auto Run Docs/PR-Triage/PR-Triage-03.md +++ b/Auto Run Docs/PR-Triage/PR-Triage-03.md 
@@ -9,7 +9,8 @@ Two PRs fix the same CORS vulnerability (worker allows `Access-Control-Allow-Ori - [x] Review and merge PR #917 (`fix: restrict CORS to localhost origins only` by @Spunky84). Files: `src/services/worker/http/middleware.ts`, `tests/worker/middleware/cors-restriction.test.ts`. Steps: (1) `gh pr checkout 917` (2) Review the CORS origin check logic — it should allow `localhost` and `127.0.0.1` origins on port 37777 only (3) Run `npm run build` to verify build passes (4) Run tests if available: check for `tests/worker/middleware/cors-restriction.test.ts` (5) If clean, rebase and merge: `gh pr merge 917 --rebase --delete-branch` > ✅ Merged via `--admin --rebase --delete-branch`. Build passed, all 8 CORS tests passed. Code reviewed: minimal, correct origin validation with no backdoors. -- [ ] Close PR #926 (`Fix CORS misconfiguration allowing cross-site data exfiltration` by @jayvenn21) after #917 is merged. Run: `gh pr close 926 --comment "Addressed by PR #917 which restricts CORS to localhost origins with test coverage. Thank you for identifying this security issue!"` +- [x] Close PR #926 (`Fix CORS misconfiguration allowing cross-site data exfiltration` by @jayvenn21) after #917 is merged. Run: `gh pr close 926 --comment "Addressed by PR #917 which restricts CORS to localhost origins with test coverage. Thank you for identifying this security issue!"` + > ✅ Closed with thank-you comment. Duplicate of already-merged PR #917. ## XSS Vulnerability in Viewer UI
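Review bot: The added line under the #926 item (`> ✅ Closed with thank-you comment. Duplicate of already-merged PR #917.`) records the closure but not how the duplicate call was verified. The #917 item describes the expected check as allowing `localhost` and `127.0.0.1` origins on port 37777 only, while the close comment says just "restricts CORS to localhost origins". Suggest adding one sentence here stating that #926's diff was compared against #917 and touched nothing #917 leaves uncovered, so the scope of the security fix can be audited from this document. Separately, the unchanged context shows #917 was merged with `--admin`, which is not the documented step (`gh pr merge 917 --rebase --delete-branch`); since this entry is the record for a security fix, it is worth noting why the override was needed.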