From 4059a452a73aad50ed059be37f546267131d8361 Mon Sep 17 00:00:00 2001
From: Anderson Dadario <anderson.maranhoventuradadario@swisscom.com>
Date: Fri, 20 Dec 2019 13:56:39 +0100
Subject: [PATCH] fix #130 - restrict cors to localhost

---
 AnkiConnect.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/AnkiConnect.py b/AnkiConnect.py
index 22c51ab..30fcc40 100644
--- a/AnkiConnect.py
+++ b/AnkiConnect.py
@@ -39,6 +39,7 @@ from string import ascii_letters
 
 API_VERSION = 6
 API_LOG_PATH = None
+NET_CORS_ORIGIN = os.getenv('ANKICONNECT_CORS_ORIGIN', 'http://localhost')
 NET_ADDRESS = os.getenv('ANKICONNECT_BIND_ADDRESS', '127.0.0.1')
 NET_BACKLOG = 5
 NET_PORT = 8765
@@ -199,7 +200,7 @@ class WebServer:
         self.headers = [
             ['HTTP/1.1 200 OK', None],
             ['Content-Type', 'text/json'],
-            ['Access-Control-Allow-Origin', '*']
+            ['Access-Control-Allow-Origin', NET_CORS_ORIGIN]
         ]
         self.headersOpt = {}