Skip to content

security: restrict server CORS to loopback origins#25606

Open
macncrash wants to merge 1 commit into
ggml-org:masterfrom
macncrash:saudit/cors-origin-allowlist
Open

security: restrict server CORS to loopback origins#25606
macncrash wants to merge 1 commit into
ggml-org:masterfrom
macncrash:saudit/cors-origin-allowlist

Conversation

@macncrash

Copy link
Copy Markdown

Summary

Server previously set Access-Control-Allow-Origin to the request Origin (any site) while advertising credentials. Combined with an often-unauthenticated local API, this enables browser CSRF-style abuse of llama-server from malicious web pages.

Change

  • Only allow loopback HTTP(S) origins for CORS reflection
  • Reject other Origins with 403
  • Narrow preflight Allow-Headers

Test plan

  • llama-server UI on loopback still loads
  • Origin: https://evil.example gets 403
  • Empty Origin (non-browser clients) still works

Disclosure

Per SECURITY.md (private program currently disabled; public PRs preferred).
Reporter: macncrash · AI-assisted analysis; human-verified.

Reflecting the request Origin header with credentials allowed any browser
origin to make cross-origin requests against a local llama-server API that
often has no API key configured.

Restrict Access-Control-Allow-Origin to localhost/127.0.0.1 origins and
reject other Origins with 403. Narrow Allow-Headers for preflight.

Reporter: macncrash
@macncrash macncrash requested a review from a team as a code owner July 13, 2026 01:42
@ggml-gh-bot

ggml-gh-bot Bot commented Jul 13, 2026

Copy link
Copy Markdown

Hi @macncrash, thanks for your contribution!

Per our contribution guidelines, the automated PR checker found the following issue(s) that need your attention:

  • PR Template not respected: Please respect the template when creating a new pull request. Make sure to fill out all required sections.

Please note that maintainers reserve the right to make final decisions on PRs. If you believe there is a mistake, please comment below.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants