feat: add configurable CORS support with environment variables and improved exception handling (#18)

jonigl · web-flow · commit e53ddcf5237a · 2025-07-03T00:04:34.000+02:00
- Add CORS middleware with configurable origins via CORS_ORIGINS environment variable
- Add CORS configuration logging with security warnings for wildcard origins
- Improve exception handling in lifecycle.py with more specific exception types
- Update README.md with comprehensive CORS configuration documentation
- Add Table of Contents to README.md for better navigation
- Default to allowing all origins (*) with production security warnings in logs
diff --git a/README.md b/README.md
@@ -15,6 +15,27 @@
 [![Python 3.10+](https://img.shields.io/badge/Python-3.10+-blue.svg)](https://www.python.org/downloads/)
 ![License](https://img.shields.io/badge/License-MIT-green.svg)
 
+## Table of Contents
+
+- [Features](#features)
+- [Requirements](#requirements)
+- [Installation](#installation)
+  - [Quick Start](#quick-start)
+  - [Or, install from PyPI with pip](#or-install-from-pypi-with-pip)
+  - [Or, install from source](#or-install-from-source)
+- [How It Works](#how-it-works)
+- [Configuration](#configuration)
+  - [MCP Servers Configuration](#mcp-servers-configuration)
+  - [CORS Configuration](#cors-configuration)
+- [Usage](#usage)
+  - [Start the Server](#start-the-server)
+  - [CLI Options](#cli-options)
+  - [API Usage](#api-usage)
+  - [Example: Chat](#example-chat)
+- [Development](#development)
+  - [Key Dependencies](#key-dependencies)
+  - [Testing](#testing)
+- [Inspiration and Credits](#inspiration-and-credits)
 
 ## Features
 
@@ -97,6 +118,8 @@ ollama-mcp-bridge
 
 ## Configuration
 
+### MCP Servers Configuration
+
 Create an MCP configuration file at `mcp-servers-config/mcp-config.json` with your servers:
 
 ```json
@@ -126,6 +149,34 @@ Create an MCP configuration file at `mcp-servers-config/mcp-config.json` with yo
 }
 ```
 
+### CORS Configuration
+
+Configure Cross-Origin Resource Sharing (CORS) to allow requests from your frontend applications:
+
+```bash
+# Allow all origins (default, not recommended for production)
+ollama-mcp-bridge
+
+# Allow specific origins
+CORS_ORIGINS="http://localhost:3000,https://myapp.com" ollama-mcp-bridge
+
+# Allow multiple origins with different ports
+CORS_ORIGINS="http://localhost:3000,http://localhost:8080,https://app.example.com" ollama-mcp-bridge
+```
+
+**Environment Variables:**
+- `CORS_ORIGINS`: Comma-separated list of allowed origins (default: `*`)
+  - `*` allows all origins (shows warning in logs)
+  - Specific origins like `http://localhost:3000,https://myapp.com` for production
+
+**CORS Logging:**
+- The bridge logs CORS configuration at startup
+- Shows warning when using `*` (all origins)
+- Shows allowed origins when properly configured
+
+> [!WARNING]
+> Using `CORS_ORIGINS="*"` allows all origins and is not recommended for production. Always specify exact origins for security.
+
 > [!NOTE]
 > An example MCP server script is provided at `mcp-servers-config/mock-weather-mcp-server.py`.
 
diff --git a/src/ollama_mcp_bridge/api.py b/src/ollama_mcp_bridge/api.py
@@ -1,9 +1,11 @@
 """FastAPI application"""
+import os
 from typing import Dict, Any
+import httpx
 from fastapi import FastAPI, HTTPException, Body, status, Request
 from fastapi.responses import JSONResponse
+from fastapi.middleware.cors import CORSMiddleware
 from loguru import logger
-import httpx
 
 from .lifecycle import lifespan, get_proxy_service
 from .schemas import CHAT_EXAMPLE
@@ -19,6 +21,24 @@
     lifespan=lifespan
 )
 
+# Configure CORS
+cors_origins = os.getenv("CORS_ORIGINS", "*").split(",")
+cors_origins = [origin.strip() for origin in cors_origins]
+
+# Log CORS configuration
+if cors_origins == ["*"]:
+    logger.warning("CORS is configured to allow ALL origins (*). This is not recommended for production.")
+else:
+    logger.info(f"CORS configured to allow origins: {cors_origins}")
+
+app.add_middleware(
+    CORSMiddleware,
+    allow_origins=cors_origins,
+    allow_credentials=True,
+    allow_methods=["*"],
+    allow_headers=["*"],
+)
+
 
 @app.get("/health", summary="Health check", description="Check the health status of the MCP Proxy and Ollama server.")
 async def health():
diff --git a/src/ollama_mcp_bridge/lifecycle.py b/src/ollama_mcp_bridge/lifecycle.py
@@ -56,15 +56,15 @@ async def lifespan(fastapi_app: FastAPI):
     try:
         if proxy_service:
             await proxy_service.cleanup()
-    except (IOError, httpx.HTTPError) as e:
+    except (IOError, httpx.HTTPError, ConnectionError, TimeoutError) as e:
         logger.error(f"Error during proxy service cleanup: {str(e)}")
-    except Exception as e:
+    except (ValueError, AttributeError, RuntimeError) as e:
         logger.error(f"Unexpected error during cleanup: {str(e)}")
 
     try:
         if mcp_manager:
             await mcp_manager.cleanup()
-    except Exception as e:
+    except (IOError, ConnectionError, TimeoutError) as e:
         logger.error(f"Error during MCP manager cleanup: {str(e)}")
 
     # Reset globals
diff --git a/src/ollama_mcp_bridge/utils.py b/src/ollama_mcp_bridge/utils.py
@@ -18,7 +18,7 @@ def check_ollama_health(ollama_url: str, timeout: int = 3) -> bool:
             return True
         logger.error(f"Ollama server not accessible at {ollama_url}")
         return False
-    except Exception as e:
+    except (httpx.ConnectError, httpx.ReadTimeout, httpx.HTTPError) as e:
         logger.error(f"Failed to connect to Ollama: {e}")
         return False
 
@@ -31,7 +31,7 @@ async def check_ollama_health_async(ollama_url: str, timeout: int = 3) -> bool:
                 return True
             logger.error(f"Ollama server not accessible at {ollama_url}")
             return False
-    except Exception as e:
+    except (httpx.ConnectError, httpx.ReadTimeout, httpx.HTTPError) as e:
         logger.error(f"Failed to connect to Ollama: {e}")
         return False
 
@@ -45,13 +45,13 @@ async def iter_ndjson_chunks(chunk_iterator):
             if line.strip():
                 try:
                     yield json.loads(line)
-                except Exception as e:
+                except json.JSONDecodeError as e:
                     logger.debug(f"Error parsing NDJSON line: {e}")
     # Handle any trailing data
     if buffer.strip():
         try:
             yield json.loads(buffer)
-        except Exception as e:
+        except json.JSONDecodeError as e:
             logger.debug(f"Error parsing trailing NDJSON: {e}")
 
 def validate_cli_inputs(config: str, host: str, port: int, ollama_url: str):
@@ -61,7 +61,7 @@ def validate_cli_inputs(config: str, host: str, port: int, ollama_url: str):
         raise BadParameter(f"Config file not found: {config}")
 
     # Validate port
-    if not (1 <= port <= 65535):
+    if not 1 <= port <= 65535:
         raise BadParameter(f"Port must be between 1 and 65535, got {port}")
 
     # Validate host (basic check)
