Add loopback CORS support for Code Bridge by shiny-code-bot · Pull Request #108 · cbusillo/codex-lab

shiny-code-bot · 2026-06-16T16:25:55Z

Summary

allow loopback browser origins to preflight Code Bridge /message and /events requests
add CORS headers to loopback-origin bridge responses, including auth and payload errors browsers need to read
document that browser clients need a fetch-based SSE reader because native EventSource cannot send the bridge auth/session headers

This is a prerequisite for the live browser-app witness in #36. It does not claim full browser automation yet.

Refs #36

cargo fmt --manifest-path codex-rs/Cargo.toml --package codex-code-bridge-service -- --check
cargo test --manifest-path codex-rs/Cargo.toml -p codex-code-bridge-service --no-fail-fast
cargo test --manifest-path codex-rs/Cargo.toml -p codex-code-bridge-client browser_fixture_round_trips_nonblank_screenshot_and_control --no-fail-fast
Review agents: CORS/security review found no issues; browser-prep review gaps were addressed with /events coverage and an SSE header limitation comment.

Add loopback CORS support for Code Bridge

2e50e2e

shiny-code-bot merged commit 3e2332d into main Jun 16, 2026
6 checks passed

shiny-code-bot deleted the code-bridge-live-browser-witness branch June 16, 2026 16:40

shiny-code-bot mentioned this pull request Jun 16, 2026

Scope minimal Code Bridge vertical slice #36

Closed

4 tasks