allowed_origins

Origin validation utilities.

pipecat.utils.security.allowed_origins.default_allowed_origins() list[str][source]

Return allowed origins from the PIPECAT_ALLOWED_ORIGINS env var.

Parses a comma-separated list of origin strings. Returns an empty list (allow all) when the variable is unset or empty.

pipecat.utils.security.allowed_origins.is_origin_allowed(origin: str, allowed_origins: list[str]) bool[source]

Return whether origin is permitted by allowed_origins.

Parameters:
  • origin – The value of the Origin header, or an empty string if absent.

  • allowed_origins – List of allowed origin strings. An empty list allows all origins. When non-empty, a missing or disallowed origin is rejected.