[Security] Wildcard CORS origin allows any website to make cross-origin requests to the chatbot API #347

@GunaPalanivel

Problem

Both config.yml and config-testing.yml set cors.allowed_origins to [*]:

```yaml
# api/config/config.yml:39-41
cors:
  allowed_origins:
    - "*"
```

This means any origin can make authenticated cross-origin requests to the chatbot API. A malicious page on any domain can hit every endpoint - start sessions, post messages, upload files, stream WebSocket responses - without the browser blocking anything.

Impact

  • CSRF-style attacks: a user visits a malicious page while logged into Jenkins, that page silently calls the chatbot API in the user's browser context
  • Data exfiltration: the malicious page reads chat history, session data, or streamed LLM responses
  • This is a textbook OWASP misconfiguration (A05:2021 Security Misconfiguration)

Proposed Fix

  1. Remove the wildcard and restrict to the Jenkins instance origin
  2. Read allowed origins from an environment variable so deployment-specific values don't require config file changes

```yaml
cors:
  allowed_origins:
    - ${CORS_ALLOWED_ORIGIN:-http://localhost:8080}
```

  3. Update config-testing.yml to use http://localhost or http://testserver (the FastAPI test client origin)
  4. Add a startup log line printing the active CORS origins for visibility

Acceptance Criteria

  • config.yml no longer contains * as an allowed origin
  • config-testing.yml uses a test-appropriate origin, not wildcard
  • Environment variable override works for deployment flexibility
  • Existing integration tests pass (may need TestClient origin header adjustments)
  • No regression in local development - localhost:5173 (Vite dev server) still works
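
Added example, not part of the original issue or the project's code: one way to resolve the origin list at startup so that a wildcard can never reach the CORS middleware and the active origins are logged. The `CORS_ALLOWED_ORIGIN` name and the `http://localhost:8080` default come from the proposed config above; the helper names, the logger name, and the comma-separated multi-origin format are assumptions.

```python
import logging
import os
from urllib.parse import urlsplit

log = logging.getLogger("cors")  # hypothetical logger name
DEFAULT_ORIGIN = "http://localhost:8080"  # default from the proposed config


def parse_origin(value: str) -> str:
    """Return a normalized scheme://host[:port] origin or raise ValueError."""
    value = value.strip()
    if value in ("", "*", "null"):
        raise ValueError(f"refusing CORS origin {value!r}")
    parts = urlsplit(value)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"not an http(s) origin: {value!r}")
    if "*" in parts.netloc or parts.username or parts.password:
        raise ValueError(f"wildcard or userinfo in origin: {value!r}")
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        raise ValueError(f"origin must not carry a path or query: {value!r}")
    # urlsplit strips the brackets from IPv6 literals; put them back.
    host = f"[{parts.hostname}]" if ":" in parts.hostname else parts.hostname
    port = f":{parts.port}" if parts.port else ""
    return f"{parts.scheme}://{host}{port}"


def load_allowed_origins(environ=os.environ) -> list[str]:
    """Read CORS_ALLOWED_ORIGIN; a comma-separated list is an assumption."""
    # "or" mirrors the ${VAR:-default} form: unset or empty falls back.
    raw = environ.get("CORS_ALLOWED_ORIGIN") or DEFAULT_ORIGIN
    origins: list[str] = []
    for item in raw.split(","):
        origin = parse_origin(item)  # fail closed: one bad entry aborts startup
        if origin not in origins:
            origins.append(origin)
    log.info("Active CORS origins: %s", ", ".join(origins))
    return origins


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    # The returned list is what would be handed to the middleware's
    # allow_origins setting in a FastAPI/Starlette application.
    print(load_allowed_origins())
```

Raising at startup on a bad entry keeps a typo or a stray `*` in a deployment variable from silently widening the policy.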
