Skip to content

fix(app): resolve CORS and host validation blocks on LAN#35930

Open
prmartinow wants to merge 2 commits into
anomalyco:devfrom
prmartinow:fix/lan-access-and-session-history
Open

fix(app): resolve CORS and host validation blocks on LAN#35930
prmartinow wants to merge 2 commits into
anomalyco:devfrom
prmartinow:fix/lan-access-and-session-history

Conversation

@prmartinow

@prmartinow prmartinow commented Jul 8, 2026

Copy link
Copy Markdown

Issue for this PR

Closes #19949
Closes #28927

Type of change

  • Bug fix
  • New feature
  • Refactor / code improvement
  • Documentation

What does this PR do?

When running OpenCode Web, CORS and host validation headers block browser-based clients trying to connect via custom LAN URLs (like https://opencode.spark.lan/global/health).

This PR configures allowedHosts: true and cors: true on the Vite dev server configuration, and fixes bundling issues for asset loading on LAN web interfaces.

How did you verify your code works?

  • Launched opencode web and accessed the web interface from another machine on the LAN using its local IP (e.g., 192.168.1.16).
  • Verified that all static assets and worker scripts resolve successfully, and health check requests (/global/health) load without CORS or CSP blocks.

Screenshots / recordings

N/A - network/configuration change only.

Checklist

  • I have tested my changes locally
  • I have not included unrelated changes in this PR

@github-actions github-actions Bot added needs:compliance This means the issue will auto-close after 2 hours. and removed needs:compliance This means the issue will auto-close after 2 hours. labels Jul 8, 2026
@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

Thanks for updating your PR! It now meets our contributing guidelines. 👍

@prmartinow prmartinow force-pushed the fix/lan-access-and-session-history branch from d377733 to b34ad4b Compare July 10, 2026 09:12
@prmartinow prmartinow marked this pull request as ready for review July 10, 2026 09:19
@prmartinow prmartinow force-pushed the fix/lan-access-and-session-history branch from b34ad4b to 6a792a2 Compare July 11, 2026 14:26
@prmartinow prmartinow force-pushed the fix/lan-access-and-session-history branch from 3e5c4ba to a092c4b Compare July 13, 2026 10:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Wildcard cors for server not allowed [Opencode WEB] Unable to add another opencode server due to CSP violation

1 participant