refactor: Centralize CORS business logic into Tangle middleware by morgan-wowk · Pull Request #65 · TangleML/tangle

morgan-wowk · 2026-01-08T23:44:30Z

Why is this change needed:

It centralizes the CORS logic for Tangle so we are not maintaining duplicate solutions.
It introduces the ability to configure CORS, increasing support for various environment configuration:
- Local development (frontend on localhost:3000, backend on localhost:8000)
- Production deployments where the frontend and backend are on different domains
- Multi-tenant deployments with multiple frontend URLs

maxy-shpfy

LGTM, but havent had a chance to test

maxy-shpfy · 2026-01-09T16:28:02Z

cloud_pipelines_backend/middleware.py

+    # Parse the comma-separated list and strip whitespace from each origin
+    allowed_origins = [
+        origin.strip() 
+        for origin in cors_origins_str.split(",") 


Do we want to add more sanity-checks (aka valid URLs) since it is a user-input?

Great idea. I am sure this will help some people.

I have added some validation and useful messages when invalid formats are detected.

maxy-shpfy · 2026-01-09T16:29:42Z

cloud_pipelines_backend/middleware.py

+    )
+
+
+def setup_global_middleware(app: fastapi.FastAPI) -> None:


NIT: No idea what naming conventions usually are, but since the usage is middleware.setup_global_middleware , maybe we simplify to middlware.setup? Not sure what not "global" middleware we may have.

I think setup is fine for now as well. Thank you!

Until we have a group of middleware to call, I am just calling setup_cors_middleware directly now (1 less function).

morgan-wowk · 2026-01-09T17:31:17Z

LGTM, but havent had a chance to test

Thanks for reviewing. I have added tests to the PR now as well to verify the middleware is meeting expectations, then will test again on staging with actual requests.

Ark-kun · 2026-02-10T00:53:12Z

The internal startup script already has CORSMiddleware (7 lines).
https://github.com/Shopify/oasis-backend/blob/3b209c8dd87dfd695c663985bbbba4152d8e8ea0/app.py#L618
What does the PR accomplish on top of that? Does it fix some scenarios or makes new scenarios possible?

morgan-wowk · 2026-02-10T03:01:43Z

The internal startup script already has CORSMiddleware (7 lines). https://github.com/Shopify/oasis-backend/blob/3b209c8dd87dfd695c663985bbbba4152d8e8ea0/app.py#L618 What does the PR accomplish on top of that? Does it fix some scenarios or makes new scenarios possible?

Hey,

This is a solution that supports multiple configurations and isn't exclusive to our internal script. It's just in general an improvement to our CORS for different backend setups. For example, running the backend at a different address / domain then the frontend, or a port that is not 3000.

morgan-wowk · 2026-02-10T03:05:08Z

The internal startup script already has CORSMiddleware (7 lines). https://github.com/Shopify/oasis-backend/blob/3b209c8dd87dfd695c663985bbbba4152d8e8ea0/app.py#L618 What does the PR accomplish on top of that? Does it fix some scenarios or makes new scenarios possible?

Hey,

This is a solution that supports multiple configurations and isn't exclusive to our internal script. It's just in general an improvement to our CORS for different backend setups. For example, running the backend at a different address / domain then the frontend, or a port that is not 3000.

We have been discussing backend configurations separately and in the future we might remove the custom backend settings; That's what is still being discussed. We can always remove this later on if we strictly support only relative backends, but for now this is a quality of life change. Especially for me where I sometimes am running my backend at a non-relative path / different port.

maxy-shpfy requested a review from Ark-kun January 9, 2026 16:22

maxy-shpfy reviewed Jan 9, 2026

View reviewed changes

morgan-wowk force-pushed the 01-08-refactor_centralize_cors_business_logic_into_tangle_middleware branch from 3d90d50 to 9d18a3c Compare January 9, 2026 17:27

refactor: Centralize CORS business logic into Tangle middleware

07b49cb

morgan-wowk force-pushed the 01-08-refactor_centralize_cors_business_logic_into_tangle_middleware branch from 9d18a3c to 07b49cb Compare January 29, 2026 21:36

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

refactor: Centralize CORS business logic into Tangle middleware#65

refactor: Centralize CORS business logic into Tangle middleware#65
morgan-wowk wants to merge 1 commit intoTangleML:masterfrom
morgan-wowk:01-08-refactor_centralize_cors_business_logic_into_tangle_middleware

morgan-wowk commented Jan 8, 2026

Uh oh!

maxy-shpfy left a comment

Uh oh!

maxy-shpfy Jan 9, 2026

Uh oh!

morgan-wowk Jan 9, 2026

Uh oh!

maxy-shpfy Jan 9, 2026

Uh oh!

morgan-wowk Jan 9, 2026

Uh oh!

morgan-wowk commented Jan 9, 2026

Uh oh!

Ark-kun commented Feb 10, 2026 •

edited

Loading

Uh oh!

morgan-wowk commented Feb 10, 2026

Uh oh!

morgan-wowk commented Feb 10, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Conversation

morgan-wowk commented Jan 8, 2026

Uh oh!

maxy-shpfy left a comment

Choose a reason for hiding this comment

Uh oh!

maxy-shpfy Jan 9, 2026

Choose a reason for hiding this comment

Uh oh!

morgan-wowk Jan 9, 2026

Choose a reason for hiding this comment

Uh oh!

maxy-shpfy Jan 9, 2026

Choose a reason for hiding this comment

Uh oh!

morgan-wowk Jan 9, 2026

Choose a reason for hiding this comment

Uh oh!

morgan-wowk commented Jan 9, 2026

Uh oh!

Ark-kun commented Feb 10, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

morgan-wowk commented Feb 10, 2026

Uh oh!

morgan-wowk commented Feb 10, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Ark-kun commented Feb 10, 2026 •

edited

Loading

morgan-wowk commented Feb 10, 2026 •

edited

Loading