molecule-ai/molecule-core
35
0
Fork 2
Code Issues 16 Pull Requests 2 Actions 49 Packages Projects Releases Wiki Activity
5d4ee18c72
molecule-core/platform
History
Hongming Wang 807b4c1b45 fix(auth): allow same-origin canvas requests through WorkspaceAuth on tenant 
WorkspaceAuth only accepted bearer tokens, blocking the canvas from
calling per-workspace routes (restart, config, secrets, chat) on the
tenant image where canvas + API share the same origin.

Added isSameOriginCanvas() fallback (same check used by AdminAuth):
checks Referer matches request Host, gated behind CANVAS_PROXY_URL
so only tenant deployments are affected.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-16 10:06:33 -07:00
..
cmd/server chore: remove extracted directories, add manifest-driven Docker builds 2026-04-16 04:13:29 -07:00
internal fix(auth): allow same-origin canvas requests through WorkspaceAuth on tenant 2026-04-16 10:06:33 -07:00
migrations feat(channels): Lark / Feishu adapter (outbound webhook + Events API inbound) 2026-04-16 07:10:58 -07:00
pkg/provisionhook feat(platform): provision-time env mutator hook for plugins 2026-04-16 06:47:09 -07:00
Dockerfile fix: address all code review findings + remove exposed secrets 2026-04-16 05:05:49 -07:00
Dockerfile.tenant fix: address all code review findings + remove exposed secrets 2026-04-16 05:05:49 -07:00
entrypoint-tenant.sh feat(tenant): combined platform + canvas Docker image with reverse proxy 2026-04-16 02:46:47 -07:00
go.mod initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
go.sum initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00