oss-taishan-ai commented on issue #410:
URL: 
https://github.com/apache/rocketmq-dashboard/issues/410#issuecomment-4652437731

   ## Assessment by github-manager-bot
   
   **Type:** Bug
   **Priority:** Medium
   
   ### Summary
   The CORS configuration in rocketmq-dashboard hardcodes 
`http://localhost:3003` as the only allowed origin, preventing deployment in 
production environments with different origins.
   
   ### Analysis
   This is a valid configuration issue. The hardcoded origin in 
`CorsConfigurationSource` bean prevents flexible deployment scenarios. The 
allowed origins should be configurable via application properties or 
environment variables.
   
   ### Suggestions
   1. Make allowed origins configurable via `application.properties` (e.g., 
`rocketmq.dashboard.cors.allowed-origins`)
   2. Support comma-separated multiple origins
   3. Add documentation for production CORS configuration
   
   ### Verdict
   **Valid bug** — The CORS configuration should be externalized for production 
deployments.
   
   ---
   *Automated assessment by github-manager-bot*


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to