fix(security): 修复 P0 安全漏洞 (Session越权+CORS白名单+用户名枚举)

2026-05-21 16:12:54 +08:00
parent 702d4ee1fe
commit 380cc24913
7 changed files with 161 additions and 15 deletions
@@ -55,6 +55,9 @@ ENABLE_BACKGROUND_THINKING=true
 # ========== Webhook (第三方平台接入) ==========
 WEBHOOK_API_KEY=your-webhook-api-key

+# ========== CORS 跨域白名单 (逗号分隔) ==========
+ALLOWED_ORIGINS=http://localhost:5173,http://localhost:5199,http://localhost:3000
+
 # ========== 记忆系统 ==========
 MEMORY_FILE_PATH=./data/memory
 VECTOR_DB_URL=http://localhost:6333