fix: harden CORS origin allow list

Fixes #322
This commit is contained in:
Abhishek Kumar 2026-05-27 15:36:48 +05:30
parent 6d78537297
commit 6f79bd67eb
5 changed files with 38 additions and 11 deletions

@ -56,6 +56,7 @@ Never use the placeholder `OSS_JWT_SECRET` in a production deployment. Generate
| `UI_APP_URL` | `http://localhost:3010` | URL of the frontend application |
| `MPS_API_URL` | `https://services.dograh.com` | Dograh Managed Platform Services URL |
| `DOGRAH_MPS_SECRET_KEY` | `null` | **Required for non-OSS deployments.** Secret key for authenticating with MPS |
| `CORS_ALLOWED_ORIGINS` | `null` | **Required for non-OSS deployments.** Comma-separated list of origins allowed to make credentialed cross-origin requests (e.g. `https://app.example.com,https://admin.example.com`). Ignored in OSS mode, which serves a permissive same-origin policy without credentials |
---
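Review bot: The new `CORS_ALLOWED_ORIGINS` row describes OSS mode as serving "a permissive same-origin policy without credentials", which is contradictory. A same-origin policy permits no cross-origin callers, while a permissive one allows them. Please state the actual behaviour, for example "allows any origin, without credentials", so operators know what OSS mode exposes. The row also marks the variable as required for non-OSS deployments with a default of `null`, but does not say what happens when it is left unset there. Document whether the server refuses to start or rejects every cross-origin request, and make sure it is not a silent fallback to the permissive OSS policy. It would also help to spell out the expected entry format: full origin with scheme and port, no trailing slash or path, and whether whitespace around the commas is trimmed. Say as well that `*` and `null` are not accepted as entries, since this list gates credentialed requests.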