Skip to content

MNT: Remove deprecated NB_API_ALLOWED_ORIGINS variable #410#540

Open
AviJxn wants to merge 3 commits into
neurobagel:mainfrom
AviJxn:fix/remove-allowed-origins
Open

MNT: Remove deprecated NB_API_ALLOWED_ORIGINS variable #410#540
AviJxn wants to merge 3 commits into
neurobagel:mainfrom
AviJxn:fix/remove-allowed-origins

Conversation

@AviJxn

@AviJxn AviJxn commented Mar 6, 2026

Copy link
Copy Markdown

This PR implements the removal of the deprecated NB_API_ALLOWED_ORIGINS environment variable as discussed in issue #410. Since the API no longer connects to a node API with frontend tools, this configuration is no longer required.

Changes:

Settings: Removed allowed_origins from the Settings model in app/api/env_settings.py.

Middleware: Removed CORSMiddleware and its associated logic from app/main.py.

Utilities: Deleted the orphaned parse_origins_as_list helper function in app/api/utility.py.

Tests: Removed deprecated test cases in tests/test_app_events.py and updated tests/test_settings.py to reflect the change.

Linting: Cleaned up unused imports and verified formatting with pre-commit hooks (Black, Flake8, isort).

Testing:

Successfully ran pytest locally with all 141 tests passing.

Verified that the API starts correctly without the NB_API_ALLOWED_ORIGINS variable.

Fixes: #410

Summary by Sourcery

Remove deprecated configuration and CORS handling related to NB_API_ALLOWED_ORIGINS.

Enhancements:

  • Remove NB_API_ALLOWED_ORIGINS setting and its usage from the application configuration and startup logic.
  • Drop CORS middleware and associated origin-parsing utility now that cross-origin access configuration is no longer supported.

Tests:

  • Remove tests covering NB_API_ALLOWED_ORIGINS behavior and update settings tests to reflect the configuration removal.

@sourcery-ai

sourcery-ai Bot commented Mar 6, 2026

Copy link
Copy Markdown
Reviewer's guide (collapsed on small PRs)

Reviewer's Guide

Removes all support for the deprecated NB_API_ALLOWED_ORIGINS setting, including configuration, CORS middleware, helper utilities, and associated tests, and cleans up related lint issues.

Class diagram for updated Settings model without NB_API_ALLOWED_ORIGINS

classDiagram
    class Settings {
        <<BaseSettings>>
        str api_root_path
        str|None graph_username
        str|None graph_password
        str graph_address
    }
Loading

File-Level Changes

Change Details Files
Remove NB_API_ALLOWED_ORIGINS from settings and environment validation.
  • Delete the allowed_origins field from the Settings Pydantic model so the NB_API_ALLOWED_ORIGINS env var is no longer read.
  • Remove the warning in environment validation that handled a missing allowed_origins configuration.
app/api/env_settings.py
app/main.py
Remove CORS configuration that depended on NB_API_ALLOWED_ORIGINS.
  • Delete CORSMiddleware registration on the FastAPI app that used util.parse_origins_as_list(settings.allowed_origins).
  • Drop the dependency on the utility function for parsing allowed origins.
app/main.py
Delete obsolete helper that parsed allowed origins from a string.
  • Remove parse_origins_as_list from the utilities module as it is no longer used anywhere in the codebase.
app/api/utility.py
Update and remove tests that covered NB_API_ALLOWED_ORIGINS behavior.
  • Remove tests that asserted logging and parsing behavior when allowed_origins was unset or set.
  • Update settings tests to no longer assert the presence of allowed_origins in Settings.
tests/test_app_events.py
tests/test_settings.py

Assessment against linked issues

Issue Objective Addressed Explanation
#410 Remove the NB_API_ALLOWED_ORIGINS-related configuration and behavior from the API codebase (settings field, CORS usage, and any helper logic).
#410 Update or remove tests that depend on NB_API_ALLOWED_ORIGINS or allowed_origins so the test suite reflects the new behavior.

Possibly linked issues


Tips and commands

Interacting with Sourcery

  • Trigger a new review: Comment @sourcery-ai review on the pull request.
  • Continue discussions: Reply directly to Sourcery's review comments.
  • Generate a GitHub issue from a review comment: Ask Sourcery to create an
    issue from a review comment by replying to it. You can also reply to a
    review comment with @sourcery-ai issue to create an issue from it.
  • Generate a pull request title: Write @sourcery-ai anywhere in the pull
    request title to generate a title at any time. You can also comment
    @sourcery-ai title on the pull request to (re-)generate the title at any time.
  • Generate a pull request summary: Write @sourcery-ai summary anywhere in
    the pull request body to generate a PR summary at any time exactly where you
    want it. You can also comment @sourcery-ai summary on the pull request to
    (re-)generate the summary at any time.
  • Generate reviewer's guide: Comment @sourcery-ai guide on the pull
    request to (re-)generate the reviewer's guide at any time.
  • Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
    pull request to resolve all Sourcery comments. Useful if you've already
    addressed all the comments and don't want to see them anymore.
  • Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
    request to dismiss all existing Sourcery reviews. Especially useful if you
    want to start fresh with a new review - don't forget to comment
    @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

  • Enable or disable review features such as the Sourcery-generated pull request
    summary, the reviewer's guide, and others.
  • Change the review language.
  • Add, remove or edit custom review instructions.
  • Adjust other review settings.

Getting Help

@github-actions github-actions Bot added the _community [BOT ONLY] PR label for community contributions. Used for tracking label Mar 6, 2026

@sourcery-ai sourcery-ai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We've reviewed this pull request using the Sourcery rules engine

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Removes the deprecated NB_API_ALLOWED_ORIGINS configuration and the corresponding CORS handling, aligning the API with the current deployment/runtime needs discussed in #410.

Changes:

  • Removed allowed_origins from the Pydantic Settings model.
  • Removed FastAPI CORSMiddleware setup and related startup validation logic.
  • Updated tests to drop deprecated NB_API_ALLOWED_ORIGINS behaviors.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.

File Description
app/api/env_settings.py Removes the NB_API_ALLOWED_ORIGINS setting from the Settings model.
app/main.py Removes CORS middleware and the startup warning logic tied to allowed origins.
tests/test_app_events.py Removes deprecated allowed-origins startup tests and related imports.
tests/test_settings.py Updates settings test expectations to no longer assert allowed_origins.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread app/main.py
Comment thread tests/test_app_events.py Outdated
AviJxn and others added 2 commits May 4, 2026 20:26
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Removed the parse_origins_as_list function which converted a string of allowed origins into a list.
@AviJxn

AviJxn commented May 5, 2026

Copy link
Copy Markdown
Author

Addressed review feedback:

  • Removed unused parse_origins_as_list helper after CORS removal
  • Cleaned up all related references and tests

Ready for review.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

_community [BOT ONLY] PR label for community contributions. Used for tracking

Projects

Status: Community

Development

Successfully merging this pull request may close these issues.

Remove NB_API_ALLOWED_ORIGINS

2 participants