CORS resource pattern for /console/api routes

[NeatGuyCoding]

Self Checks

• I have read the Contributing Guide and Language Policy.
• This is only for bug report, if you would like to ask a question, please head to Discussions.
• I have searched for existing issues search for existing issues, including closed ones.
• I confirm that I am using English to submit this report, otherwise it will be closed.
• 【中文用户 & Non English User】请使用英语提交，否则会被关闭 ：）
• Please do not modify this template :) and fill in all the required fields.

Dify version

latest

Cloud or Self Hosted

Self Hosted (Source)

Steps to reproduce

1. Configure CORS for FastOpenAPI console routes in dify/api/extensions/ext_fastopenapi.py
2. The CORS resource pattern uses r"/console/api/*" which is incorrect regex syntax
3. Flask-CORS fails to match subpaths like /console/api/users/xxx or /console/api/settings/xxx

✔️ Expected Behavior

CORS should be properly configured for all routes under /console/api/ including all subpaths. The regex pattern should match paths like:

• /console/api/users
• /console/api/settings
• /console/api/workspaces/123

❌ Actual Behavior

No response

[dosubot]

The current CORS resource pattern in your code, r"/console/api/*", is not a valid Python regular expression and won't match all subpaths as intended. Flask-CORS expects a Python regex, not a shell-style glob. To match all routes under /console/api/, including subpaths like /console/api/users/xxx, you should update the pattern to r"/console/api/.*" in your CORS configuration. This change will ensure CORS is properly applied to all relevant endpoints as discussed in the code.

To reply, just mention @dosu.

---

^{How did I do? Good | Irrelevant | Incorrect | Verbose | Hallucination | Report 🐛 | Other}