From 87097a20991e6460fd47fc0d5fd134bf605835d7 Mon Sep 17 00:00:00 2001 From: gitea_admin Date: Sat, 21 Feb 2026 23:39:05 +0000 Subject: [PATCH] fix: add admin CORS + optional header --- app/routers/admin.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app/routers/admin.py b/app/routers/admin.py index 2c67ca2..431dc07 100644 --- a/app/routers/admin.py +++ b/app/routers/admin.py @@ -24,8 +24,8 @@ router = APIRouter(prefix="/admin", tags=["admin"]) ADMIN_API_KEY = "Platform-Admin-2024!" # in prod: from secret/env -def _require_admin(x_admin_key: str = Header(...)): - if x_admin_key != ADMIN_API_KEY: +def _require_admin(x_admin_key: Optional[str] = Header(default=None)): + if not x_admin_key or x_admin_key != ADMIN_API_KEY: raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Not authorized")