diff --git a/main.py b/main.py
index 3632ec3..d1ca76d 100644
--- a/main.py
+++ b/main.py
@@ -378,6 +378,11 @@ _CORS_EXTRA_DEV_ORIGINS = [
 _cors_env = config.CORS_ORIGINS_RAW
 if _cors_env == "*" or not _cors_env:
+ if config.ENV == "production":
+ logger.error(
+ "CORS_ORIGINS must be configured with specific domains in production! Wildcard '*' or empty values are forbidden."
+ )
+ sys.exit("CORS configuration error: Wildcard '*' or empty CORS_ORIGINS is forbidden in production.")
 logger.warning(
 "CORS_ORIGINS not properly configured. Using permissive settings for development only!"
 )
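Review bot: The new guard `if config.ENV == "production":` fails open, because any other value of `config.ENV` (unset, a differently cased or abbreviated name, a staging name) still falls through to the permissive branch right below it. Since the existing warning describes those settings as "for development only", it would be safer to invert the test and allow them only for the explicit development value, e.g. `if config.ENV != "development":` with whatever literal the project uses for local runs; how `config.ENV` is normalised is not visible here, so confirm that first. The outer condition also matches only an exact `"*"` or an empty value, so a list that merely contains `*` would presumably reach the origin parsing outside this hunk, which is worth checking there. `sys.exit` relies on `import sys` at the top of main.py, which the hunk does not show, and the body of the `if _cors_env == "*" or not _cors_env:` branch continues past the last line shown.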