oss-taishan-ai commented on issue #410: URL: https://github.com/apache/rocketmq-dashboard/issues/410#issuecomment-4652437731
## Assessment by github-manager-bot **Type:** Bug **Priority:** Medium ### Summary The CORS configuration in rocketmq-dashboard hardcodes `http://localhost:3003` as the only allowed origin, preventing deployment in production environments with different origins. ### Analysis This is a valid configuration issue. The hardcoded origin in `CorsConfigurationSource` bean prevents flexible deployment scenarios. The allowed origins should be configurable via application properties or environment variables. ### Suggestions 1. Make allowed origins configurable via `application.properties` (e.g., `rocketmq.dashboard.cors.allowed-origins`) 2. Support comma-separated multiple origins 3. Add documentation for production CORS configuration ### Verdict **Valid bug** — The CORS configuration should be externalized for production deployments. --- *Automated assessment by github-manager-bot* -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
