Prevents cross-origin attacks from malicious websites by restricting
CORS to only allow:
- Requests without Origin header (hooks, curl, CLI tools)
- Requests from localhost / 127.0.0.1 origins

Previously, CORS was completely open (cors() without configuration),
allowing any website to access the local API and read session data.
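The allow-list the commit describes, written out as an added example (not the project's own code). It assumes the local API is an Express app using the `cors` middleware, whose `origin` option accepts an `(origin, callback)` function; the predicate is kept pure so the edge cases (no Origin header, look-alike hostnames, the literal `null` origin) can be checked in isolation.

```javascript
// Added example, not the project's code. Mirrors the policy in the commit
// message: allow requests with no Origin header and requests whose Origin is
// localhost or 127.0.0.1; reject everything else.
const LOCAL_HOSTNAMES = new Set(["localhost", "127.0.0.1"]);

function isAllowedOrigin(origin) {
  // No Origin header at all: webhooks, curl and CLI tools. Browsers always
  // attach Origin to cross-origin requests, so a web page cannot reach here.
  if (origin === undefined || origin === null) return true;

  // Parse instead of substring-matching: "http://localhost.evil.example"
  // and "http://127.0.0.1.evil.example" would pass a naive startsWith check.
  let url;
  try {
    url = new URL(origin);
  } catch {
    return false; // the literal "null" origin (sandboxed iframe, file://) and junk
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") return false;
  return LOCAL_HOSTNAMES.has(url.hostname);
}

// The response headers the middleware ends up sending for one request:
// echo the origin only when it is allowed; otherwise send no
// Access-Control-Allow-Origin, so the browser refuses to expose the body.
function corsHeadersFor(originHeader) {
  if (originHeader === undefined) return {}; // not a cross-origin request
  if (!isAllowedOrigin(originHeader)) return {};
  return {
    "Access-Control-Allow-Origin": originHeader,
    Vary: "Origin",
  };
}

// Wiring into Express with the `cors` package (assumed setup, not run here):
//   app.use(cors({ origin: (origin, cb) => cb(null, isAllowedOrigin(origin)) }));
```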