From 6ee994857a9e677cb36dec9b8bfb44303c3becd5 Mon Sep 17 00:00:00 2001
From: Roo Code
Date: Sun, 26 Apr 2026 22:12:24 +0000
Subject: [PATCH] security: fix CORS misconfiguration and unclosed file handle

- Make CORS origins configurable via cors_allow_origins server setting
- Disable allow_credentials when using wildcard origins (per CORS spec)
- Fix unclosed file handle in hf_tokenizer_config_path loading (model.py)
---
 llama_cpp/server/app.py | 4 ++--
 llama_cpp/server/model.py | 7 ++++---
 llama_cpp/server/settings.py | 4 ++++
 3 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/llama_cpp/server/app.py b/llama_cpp/server/app.py
index 5120f24162..e36055a11a 100644
--- a/llama_cpp/server/app.py
+++ b/llama_cpp/server/app.py
@@ -139,8 +139,8 @@ def create_app(
 )
 app.add_middleware(
 CORSMiddleware,
- allow_origins=["*"],
- allow_credentials=True,
+ allow_origins=server_settings.cors_allow_origins,
+ allow_credentials=True if server_settings.cors_allow_origins != ["*"] else False,
 allow_methods=["*"],
 allow_headers=["*"],
 )
diff --git a/llama_cpp/server/model.py b/llama_cpp/server/model.py
index 11bd363b56..0790b616da 100644
--- a/llama_cpp/server/model.py
+++ b/llama_cpp/server/model.py
@@ -198,9 +198,10 @@ def load_llama_from_model_settings(settings: ModelSettings) -> llama_cpp.Llama:
 assert (
 settings.hf_tokenizer_config_path is not None
 ), "hf_tokenizer_config_path must be set for hf-tokenizer-config"
- chat_handler = llama_cpp.llama_chat_format.hf_tokenizer_config_to_chat_completion_handler( json.load(open(settings.hf_tokenizer_config_path)) )
+ with open(settings.hf_tokenizer_config_path) as f:
+ chat_handler = llama_cpp.llama_chat_format.hf_tokenizer_config_to_chat_completion_handler(
+ json.load(f)
+ )
 tokenizer: Optional[llama_cpp.BaseLlamaTokenizer] = None
 if settings.hf_pretrained_model_name_or_path is not None:
diff --git a/llama_cpp/server/settings.py b/llama_cpp/server/settings.py
index 13c9512419..fc09248f7d 100644
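Review bot: The wildcard test on the new `allow_credentials` line compares the whole list against `["*"]`, so a value such as `["*", "https://app.example"]` still enables credentials, while Starlette's CORSMiddleware (as far as I know) treats any list that contains `"*"` as allow-all, which is exactly the credentialed-wildcard pairing this commit sets out to remove. The `True if ... else False` form is also redundant; `allow_credentials="*" not in server_settings.cors_allow_origins,` states the rule directly and covers the mixed case. Because `allow_headers=["*"]` and `allow_methods=["*"]` are kept, a wildcard origin still lets any page call the API without cookies, so a comment such as `# "*" anywhere in the list means allow-all; CORS forbids pairing that with credentials` would make the coupling with the setting's default visible to the next maintainer. `create_app` begins outside the hunk, so I cannot confirm where `server_settings` is bound; presumably it is the function's parameter.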
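Review bot: The new `with open(settings.hf_tokenizer_config_path) as f:` opens the tokenizer config with the platform default encoding, so a chat template containing non-ASCII characters fails to decode on hosts whose locale encoding is not UTF-8 (typically Windows); JSON is UTF-8 by specification, so `with open(settings.hf_tokenizer_config_path, encoding="utf-8") as f:` pins it. Keeping `json.load(f)` inside the `with` body is fine, since the parsed dict outlives the handle. The preceding `assert` is context rather than new code, but it is the only guard on this path and is stripped under `python -O`, which would turn a missing path into a `TypeError` from `open()`; a plain `if ... is None: raise ValueError(...)` is worth a follow-up. `load_llama_from_model_settings` starts and ends outside this hunk.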
--- a/llama_cpp/server/settings.py
+++ b/llama_cpp/server/settings.py
@@ -216,6 +216,10 @@ class ServerSettings(BaseSettings):
 default=None,
 description="API key for authentication. If set all requests need to be authenticated.",
 )
+ cors_allow_origins: List[str] = Field(
+ default=["*"],
+ description="Allowed CORS origins. Use ['*'] to allow all origins (not recommended for production).",
+ )
 interrupt_requests: bool = Field(
 default=True,
 description="Whether to interrupt requests when a new request is received.",
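Review bot: The new field keeps `default=["*"]`, so a fresh deployment still answers CORS preflights for every origin; the description warns about it, but the secure default would be an empty list (no cross-origin browser access) with `["*"]` as an explicit opt-in, i.e. `default=[]` and a description that says so. If the open default has to stay for compatibility, the description should at least tell operators how origins are matched and how to supply the value: `description="Allowed CORS origins, matched exactly against the request's Origin header (scheme://host[:port], no trailing slash). Use ['*'] to allow all origins; this disables credentialed requests and is not recommended for production. From the environment, set CORS_ALLOW_ORIGINS to a JSON list."` I am inferring exact-match semantics from Starlette's CORSMiddleware and the JSON-list format from pydantic-settings' handling of `List[str]`, and assuming `List` is already imported in this module; all three are worth confirming. `ServerSettings` continues outside the hunk.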