yiekheng/cm_bot_v2
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
cm_bot_v2/app
History
yiekheng 43db97aeaa fix(api): drop flask_cors from cm_api (CORS-A defense-in-depth) 
api-server is internal-only after C5 (no host port in prod compose),
so the permissive 'CORS(app)' default never fires in normal operation.
Removing it eliminates a stale '*' Access-Control-Allow-Origin that
would become attack surface if a host port were ever accidentally
re-exposed.

Server-side fetches from web-view (legacy Flask) and web-next
(Next.js RSC) don't trigger CORS — that's a browser-only mechanism.

flask_cors stays in requirements.txt because cm_web_view.py still
imports it; both get removed in B4 when the legacy web-view retires.
2026-05-02 21:27:06 +08:00
..
__init__.py
Refactor Docker layout for Gitea publishing
2025-10-19 22:22:55 +08:00
bot_cli.py
fix(hal): set_security_pin_api returns dict; cm_telegram now correct
2026-05-02 17:37:50 +08:00
cm_api.py
fix(api): drop flask_cors from cm_api (CORS-A defense-in-depth)
2026-05-02 21:27:06 +08:00
cm_bot_hal.py
fix(hal): set_security_pin_api returns dict; cm_telegram now correct
2026-05-02 17:37:50 +08:00
cm_bot.py
refactor(scraper): make get_register_link and get_user_credit dump on failure
2026-05-02 17:55:12 +08:00
cm_telegram.py
Refactor: externalize all hardcoded config to env vars, add multi-deployment support
2026-03-22 22:25:40 +08:00
cm_transfer_credit.py
Refactor Docker layout for Gitea publishing
2025-10-19 22:22:55 +08:00
cm_web_view.py
feat(web): make Werkzeug debug opt-in via CM_DEBUG
2026-05-02 16:21:51 +08:00
db.py
Refactor: externalize all hardcoded config to env vars, add multi-deployment support
2026-03-22 22:25:40 +08:00
telegram_notifier.py
Refactor: externalize all hardcoded config to env vars, add multi-deployment support
2026-03-22 22:25:40 +08:00