diff --git a/docs/cli/ory-proxy.md b/docs/cli/ory-proxy.md index efa2d954a..f05399119 100644 --- a/docs/cli/ory-proxy.md +++ b/docs/cli/ory-proxy.md @@ -36,16 +36,27 @@ Once your project is ready, pass the project’s slug to the proxy command: ### Local development -For local development, use the `--dev` flag to apply a relaxed security setting: +For local development, use: - $ ory proxy --dev --project http://localhost:3000 + $ ory proxy --project http://localhost:3000 The first argument, `application-url`, points to your application's location. If running both the proxy and your app on the same host, this could be `localhost`. All traffic sent to the Ory Proxy will be forwarded to this URL. -The second argument, `publish-url`, is optional and only necessary for production scenarios. It specifies the public URL of your application (e.g., `https://www.example.org`). If `publish-url` is not set, it defaults to the host and port the proxy listens on. +The second argument, `publish-url`, is optional and only necessary when the local app is not running on localhost. It specifies the public URL of your application (e.g., `https://www.example.org`). If `publish-url` is not set, it defaults to the host and port the proxy listens on. **Important**: The Ory Proxy is intended for development use only and should not be used in production environments. +### CORS + +You can restrict the CORS domains using the `--allowed-cors-origins` flag: + + $ ory proxy http://localhost:3000 https://app.example.com \ + --allowed-cors-origins https://www.example.org \ + --allowed-cors-origins https://api.example.org \ + --allowed-cors-origins https://www.another-app.com + +Per default, CORS is enabled for all origins. + ### Connecting in automated environments To connect the Ory Tunnel in automated environments, create a Project API Key for your project and set it as an environment variable: @@ -76,8 +87,6 @@ If the proxy runs on a subdomain and you want Ory’s cookies (e.g., session coo $ ory proxy --project \ --cookie-domain gateway.local \ - --allowed-cors-origins https://www.gateway.local \ - --allowed-cors-origins https://api.gateway.local \ http://127.0.0.1:3000 \ https://ory.gateway.local @@ -140,11 +149,7 @@ ory proxy [] [flags] ### Examples ``` -ory proxy http://localhost:3000 --dev -ory proxy http://localhost:3000 https://app.example.com \ - --allowed-cors-origins https://www.example.org \ - --allowed-cors-origins https://api.example.org \ - --allowed-cors-origins https://www.another-app.com +ory proxy http://localhost:3000 ``` @@ -157,7 +162,7 @@ ory proxy http://localhost:3000 https://app.example.com \ --cookie-domain string Set a dedicated cookie domain. --debug Use this flag to debug, for example, CORS requests. --default-redirect-url url Set the URL to redirect to per default after e.g. login or account creation. - --dev Use this flag when developing locally. + --dev This flag is deprecated as the command is only supposed to be used during development. (default true) -h, --help help for proxy --no-jwt Do not create a JWT from the Ory Session. Useful if you need fast start up times of the Ory Proxy. --open Open the browser when the proxy starts. diff --git a/docs/cli/ory-tunnel.md b/docs/cli/ory-tunnel.md index 84e885fe0..7429ca27f 100644 --- a/docs/cli/ory-tunnel.md +++ b/docs/cli/ory-tunnel.md @@ -47,11 +47,23 @@ This will prevent the browser window from opening. ### Local development -When developing locally, use the --dev flag to enable a more relaxed security configuration: +For local development, use: - $ ory tunnel --dev --project http://localhost:3000 + $ ory tunnel --project http://localhost:3000 + +### CORS + +You can restrict the CORS domains using the `--allowed-cors-origins` flag: + + $ ory tunnel http://localhost:3000 https://app.example.com \ + --allowed-cors-origins https://www.example.org \ + --allowed-cors-origins https://api.example.org \ + --allowed-cors-origins https://www.another-app.com + +Per default, CORS is enabled for all origins. + +### Running behind a gateway (development only) -Running behind a gateway (development only) Important: The Ory Tunnel is designed for development purposes only and should not be used in production environments. If you need to run the tunnel behind a gateway during development, you can specify the optional second argument, tunnel-url, to define the domain where the Ory Tunnel will run (for example, https://ory.example.org). @@ -61,9 +73,7 @@ Example: $ ory tunnel --project \ https://www.example.org \ https://auth.example.org \ - --cookie-domain example.org \ - --allowed-cors-origins https://www.example.org \ - --allowed-cors-origins https://api.example.org + --cookie-domain example.org Note: You cannot set a path in the `tunnel-url`. @@ -101,11 +111,7 @@ ory tunnel [] [flags] ### Examples ``` -ory tunnel http://localhost:3000 --dev -ory tunnel https://app.example.com \ - --allowed-cors-origins https://www.example.org \ - --allowed-cors-origins https://api.example.org \ - --allowed-cors-origins https://www.another-app.com +ory tunnel http://localhost:3000 ``` @@ -118,7 +124,7 @@ ory tunnel https://app.example.com \ --cookie-domain string Set a dedicated cookie domain. --debug Use this flag to debug, for example, CORS requests. --default-redirect-url url Set the URL to redirect to per default after e.g. login or account creation. - --dev Use this flag when developing locally. + --dev This flag is deprecated as the command is only supposed to be used during development. (default true) -h, --help help for tunnel --port int The port the proxy should listen on. (default 4000) --project string The project to use, either project ID or a (partial) slug.