chore: specify cors origins as a regexp

settings.example.yaml

@@ -1,6 +1,8 @@
 # Check settings.schema.yaml for more details
 $schema: "./settings.schema.yaml"
 # ---------- Application settings ----- #
+environment: development
+
 db_url: postgresql+asyncpg://postgres:postgres@localhost:5432/postgres
 accounts:
   # JWT secret

settings.schema.yaml

@@ -80,17 +80,12 @@ properties:
     title: Db Url
     type: string
     writeOnly: true
-  cors_allow_origins:
-    default:
-    - https://innohassle.ru
-    - https://pre.innohassle.ru
-    - http://localhost:3000
+  cors_allow_origin_regex:
+    default: .*
     description: 'Allowed origins for CORS: from which domains requests to the API
-      are allowed'
-    items:
-      type: string
-    title: Cors Allow Origins
-    type: array
+      are allowed. Specify as a regex: `https://.*.innohassle.ru`'
+    title: Cors Allow Origin Regex
+    type: string
   predefined_dir:
     default: predefined
     description: Path to the directory with predefined data

src/api/app.py

@@ -38,7 +38,7 @@
 
 app.add_middleware(
     CORSMiddleware,
-    allow_origins=settings.cors_allow_origins,
+    allow_origin_regex=settings.cors_allow_origin_regex,
     allow_credentials=True,
     allow_methods=["*"],
     allow_headers=["*"],

src/config_schema.py

@@ -54,8 +54,8 @@ class Settings(SettingsEntityModel):
     "App environment"
     db_url: SecretStr = "postgresql+asyncpg://postgres:postgres@localhost:5432/postgres"
     "PostgreSQL database connection URL"
-    cors_allow_origins: list[str] = ["https://innohassle.ru", "https://pre.innohassle.ru", "http://localhost:3000"]
-    "Allowed origins for CORS: from which domains requests to the API are allowed"
+    cors_allow_origin_regex: str = ".*"
+    "Allowed origins for CORS: from which domains requests to the API are allowed. Specify as a regex: `https://.*.innohassle.ru`"
     predefined_dir: Path = Path("./predefined")
     "Path to the directory with predefined data"
     accounts: Accounts