From e5293a5f711a9f12b490ced933569c4010ae29e8 Mon Sep 17 00:00:00 2001 From: Phillip LeBlanc Date: Wed, 20 Nov 2024 15:52:09 +0900 Subject: [PATCH] Add docs on cors runtime setting (#644) * Add docs on cors runtime setting * Update docs * Apply suggestions from code review Co-authored-by: peasee <98815791+peasee@users.noreply.github.com> --------- Co-authored-by: peasee <98815791+peasee@users.noreply.github.com> --- spiceaidocs/docs/api/http/index.md | 12 ++++++++ spiceaidocs/docs/reference/spicepod/index.md | 31 ++++++++++++++++++++ 2 files changed, 43 insertions(+) diff --git a/spiceaidocs/docs/api/http/index.md b/spiceaidocs/docs/api/http/index.md index 2b15e8bf..9f682ccd 100644 --- a/spiceaidocs/docs/api/http/index.md +++ b/spiceaidocs/docs/api/http/index.md @@ -14,3 +14,15 @@ import DocCardList from '@theme/DocCardList'; ## Authentication API Key authentication is supported for all HTTP routes. See [API Key Authentication](../../api/auth/index.md) for more details. + +## Cross-Origin Resource Sharing (CORS) + +CORS is disabled by default. Enable for all origins with: + +```yaml +runtime: + cors: + enabled: true +``` + +See [CORS](/reference/spicepod/index.md#runtimecors) for more details. diff --git a/spiceaidocs/docs/reference/spicepod/index.md b/spiceaidocs/docs/reference/spicepod/index.md index 0036be61..36e666c1 100644 --- a/spiceaidocs/docs/reference/spicepod/index.md +++ b/spiceaidocs/docs/reference/spicepod/index.md @@ -189,6 +189,37 @@ runtime: - `retention_period` - optional, how long records in the task history table should be retained. Default is `8h`, or 8 hours. - `retention_check_interval` - optional, how often should old records be checked for removal. Default is `15m`, or 15 minutes. +### `runtime.cors` + +The CORS section specifies the configuration for enabling Cross-Origin Resource Sharing (CORS) for the HTTP endpoint. By default, CORS is disabled. + +Default configuration: + +```yaml +runtime: + cors: + enabled: false +``` + +### `runtime.cors.enabled` + +Enables or disables CORS for the HTTP endpoint. `false` by default. + +### `runtime.cors.allowed_origins` + +A list of allowed origins for CORS requests. `["*"]` by default, which allows all origins. + +Example: + +```yaml +runtime: + cors: + enabled: true + allowed_origins: ["https://example.com"] +``` + +This configuration allows requests from the `https://example.com` origin only. + ## `metadata` An optional `map` of metadata.