From 1f1fe1f1843da7977dfafc5ae134058d2c91098e Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Thu, 30 Apr 2026 17:37:46 +0200
Subject: [PATCH 1/2] fix(dev): disable IP seeding in dev as it does not work

---
 database/seeders/InstanceSettingsSeeder.php | 34 +++++++++++----------
 1 file changed, 18 insertions(+), 16 deletions(-)

diff --git a/database/seeders/InstanceSettingsSeeder.php b/database/seeders/InstanceSettingsSeeder.php
index baa7abffc..930a7db8e 100644
--- a/database/seeders/InstanceSettingsSeeder.php
+++ b/database/seeders/InstanceSettingsSeeder.php
@@ -23,23 +23,25 @@ public function run(): void
             'smtp_from_address' => 'hi@localhost.com',
             'smtp_from_name' => 'Coolify',
         ]);
-        try {
-            $ipv4 = Process::run('curl -4s https://ifconfig.io')->output();
-            $ipv4 = trim($ipv4);
-            $ipv4 = filter_var($ipv4, FILTER_VALIDATE_IP);
-            $settings = instanceSettings();
-            if (is_null($settings->public_ipv4) && $ipv4) {
-                $settings->update(['public_ipv4' => $ipv4]);
+        if (! isDev()) {
+            try {
+                $ipv4 = Process::run('curl -4s https://ifconfig.io')->output();
+                $ipv4 = trim($ipv4);
+                $ipv4 = filter_var($ipv4, FILTER_VALIDATE_IP);
+                $settings = instanceSettings();
+                if (is_null($settings->public_ipv4) && $ipv4) {
+                    $settings->update(['public_ipv4' => $ipv4]);
+                }
+                $ipv6 = Process::run('curl -6s https://ifconfig.io')->output();
+                $ipv6 = trim($ipv6);
+                $ipv6 = filter_var($ipv6, FILTER_VALIDATE_IP);
+                $settings = instanceSettings();
+                if (is_null($settings->public_ipv6) && $ipv6) {
+                    $settings->update(['public_ipv6' => $ipv6]);
+                }
+            } catch (\Throwable $e) {
+                echo "Error: {$e->getMessage()}\n";
             }
-            $ipv6 = Process::run('curl -6s https://ifconfig.io')->output();
-            $ipv6 = trim($ipv6);
-            $ipv6 = filter_var($ipv6, FILTER_VALIDATE_IP);
-            $settings = instanceSettings();
-            if (is_null($settings->public_ipv6) && $ipv6) {
-                $settings->update(['public_ipv6' => $ipv6]);
-            }
-        } catch (\Throwable $e) {
-            echo "Error: {$e->getMessage()}\n";
         }
     }
 }

From 8e22ce4ba745d39b2672c0cc13023d3b0a4404ba Mon Sep 17 00:00:00 2001
From: Andras Bacsai <5845193+andrasbacsai@users.noreply.github.com>
Date: Thu, 30 Apr 2026 18:23:07 +0200
Subject: [PATCH 2/2] fix(vite): restrict CORS to known origins instead of
 wildcard

Add explicit CORS allowlist covering localhost variants, APP_URL env
var, and the configured vite host/port pair. Replaces implicit open
CORS with regex-based origin matching.
---
 vite.config.js | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/vite.config.js b/vite.config.js
index 4b967c40e..6c706d272 100644
--- a/vite.config.js
+++ b/vite.config.js
@@ -17,6 +17,15 @@ export default defineConfig(({ mode }) => {
             },
             host: "0.0.0.0",
             allowedHosts: true,
+            cors: {
+                origin: [
+                    /^https?:\/\/localhost(:\d+)?$/,
+                    /^https?:\/\/127\.0\.0\.1(:\d+)?$/,
+                    /^https?:\/\/\[::1\](:\d+)?$/,
+                    ...(env.APP_URL ? [env.APP_URL] : []),
+                    ...(viteHost ? [`http://${viteHost}:${vitePort}`, `https://${viteHost}:${vitePort}`] : []),
+                ],
+            },
             origin: viteHost ? `http://${viteHost}:${vitePort}` : undefined,
             hmr: viteHost
                 ? { host: viteHost, clientPort: vitePort }