fix: require publicurl when cors enabled (#1351)

2026-04-24 14:15:18 +00:00 · 2025-08-29 22:51:31 +02:00
parent af8c977ccf
commit e29561e49c
3 changed files with 8 additions and 1 deletions
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -136,6 +136,7 @@ jobs:
          VIKUNJA_DATABASE_SSLMODE: disable
          VIKUNJA_LOG_DATABASE: stdout
          VIKUNJA_LOG_DATABASELEVEL: debug
+          VIKUNJA_SERVICE_PUBLICURL: http://127.0.0.1:3456
        run: |
          # Wait for MySQL to be ready if using MySQL
          if [ "$VIKUNJA_DATABASE_TYPE" = "mysql" ]; then
@@ -238,6 +239,7 @@ jobs:
          VIKUNJA_AUTH_LDAP_BINDDN: uid=gitea,ou=service,dc=planetexpress,dc=com
          VIKUNJA_AUTH_LDAP_BINDPASSWORD: password
          VIKUNJA_AUTH_LDAP_USERFILTER: "(&(objectclass=inetorgperson)(uid=%s))"
+          VIKUNJA_SERVICE_PUBLICURL: http://127.0.0.1:3456
        run: |
          mkdir -p frontend/dist
          touch frontend/dist/index.html
@@ -350,6 +352,7 @@ jobs:
          VIKUNJA_SERVICE_TESTINGTOKEN: averyLongSecretToSe33dtheDB
          VIKUNJA_LOG_LEVEL: DEBUG
          VIKUNJA_CORS_ENABLE: 1
+          VIKUNJA_SERVICE_PUBLICURL: http://127.0.0.1:3456
          VIKUNJA_DATABASE_PATH: memory
          VIKUNJA_DATABASE_TYPE: sqlite
          VIKUNJA_RATELIMIT_NOAUTHLIMIT: 1000
--- a/config-raw.json
+++ b/config-raw.json
@@ -36,7 +36,7 @@
                {
                    "key": "publicurl",
                    "default_value": "",
-                    "comment": "The public facing URL where your users can reach Vikunja. Used in emails and for the communication between api and frontend. The url must be a valid http or https url."
+                    "comment": "The public facing URL where your users can reach Vikunja. Used in emails and for the communication between api and frontend. The url must be a valid http or https url. This setting is required when cors.enable is true."
                },
                {
                    "key": "rootpath",
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -586,6 +586,10 @@ func InitConfig() {
 		RateLimitStore.Set(KeyvalueType.GetString())
 	}

+	if CorsEnable.GetBool() && ServicePublicURL.GetString() == "" {
+		log.Fatalf("service.publicurl is required when cors.enable is true")
+	}
+
 	if ServicePublicURL.GetString() != "" {
 		if !strings.HasSuffix(ServicePublicURL.GetString(), "/") {
 			ServicePublicURL.Set(ServicePublicURL.GetString() + "/")