From 3f364ce811d1d3d916fcc89640928dd4780ed0da Mon Sep 17 00:00:00 2001 From: Phillip LeBlanc Date: Wed, 20 Nov 2024 13:30:09 +0900 Subject: [PATCH 1/3] Add docs on cors runtime setting --- spiceaidocs/docs/api/http/index.md | 4 +++ spiceaidocs/docs/reference/spicepod/index.md | 32 ++++++++++++++++++++ 2 files changed, 36 insertions(+) diff --git a/spiceaidocs/docs/api/http/index.md b/spiceaidocs/docs/api/http/index.md index 2b15e8bf..e65bf7f1 100644 --- a/spiceaidocs/docs/api/http/index.md +++ b/spiceaidocs/docs/api/http/index.md @@ -14,3 +14,7 @@ import DocCardList from '@theme/DocCardList'; ## Authentication API Key authentication is supported for all HTTP routes. See [API Key Authentication](../../api/auth/index.md) for more details. + +## Cross-Origin Resource Sharing (CORS) + +CORS is enabled by default with all origins. See [CORS](/reference/spicepod/index.md#runtimecors) for more details. diff --git a/spiceaidocs/docs/reference/spicepod/index.md b/spiceaidocs/docs/reference/spicepod/index.md index 0036be61..fd59e2de 100644 --- a/spiceaidocs/docs/reference/spicepod/index.md +++ b/spiceaidocs/docs/reference/spicepod/index.md @@ -189,6 +189,38 @@ runtime: - `retention_period` - optional, how long records in the task history table should be retained. Default is `8h`, or 8 hours. - `retention_check_interval` - optional, how often should old records be checked for removal. Default is `15m`, or 15 minutes. +### `runtime.cors` + +The CORS section specifies the configuration for enabling Cross-Origin Resource Sharing (CORS) for the HTTP endpoint. By default, CORS is enabled with all origins. + +Default configuration: + +```yaml +runtime: + cors: + enabled: true + allowed_origins: ["*"] +``` + +### `runtime.cors.enabled` + +Enables or disables CORS for the HTTP endpoint. `true` by default. + +### `runtime.cors.allowed_origins` + +A list of allowed origins for CORS requests. `["*"]` by default, which allows all origins. + +Example: + +```yaml +runtime: + cors: + enabled: true + allowed_origins: ["https://example.com"] +``` + +This configuration allows requests from the `https://example.com` origin only. + ## `metadata` An optional `map` of metadata. From e5ef0a5ed8e87a19845cae22acd2b8c22de098f4 Mon Sep 17 00:00:00 2001 From: Phillip LeBlanc Date: Wed, 20 Nov 2024 14:25:11 +0900 Subject: [PATCH 2/3] Update docs --- spiceaidocs/docs/api/http/index.md | 10 +++++++++- spiceaidocs/docs/reference/spicepod/index.md | 2 +- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/spiceaidocs/docs/api/http/index.md b/spiceaidocs/docs/api/http/index.md index e65bf7f1..9f682ccd 100644 --- a/spiceaidocs/docs/api/http/index.md +++ b/spiceaidocs/docs/api/http/index.md @@ -17,4 +17,12 @@ API Key authentication is supported for all HTTP routes. See [API Key Authentica ## Cross-Origin Resource Sharing (CORS) -CORS is enabled by default with all origins. See [CORS](/reference/spicepod/index.md#runtimecors) for more details. +CORS is disabled by default. Enable for all origins with: + +```yaml +runtime: + cors: + enabled: true +``` + +See [CORS](/reference/spicepod/index.md#runtimecors) for more details. diff --git a/spiceaidocs/docs/reference/spicepod/index.md b/spiceaidocs/docs/reference/spicepod/index.md index fd59e2de..3e4b5020 100644 --- a/spiceaidocs/docs/reference/spicepod/index.md +++ b/spiceaidocs/docs/reference/spicepod/index.md @@ -204,7 +204,7 @@ runtime: ### `runtime.cors.enabled` -Enables or disables CORS for the HTTP endpoint. `true` by default. +Enables or disables CORS for the HTTP endpoint. `false` by default. ### `runtime.cors.allowed_origins` From fe9209f362be2004f773b3ac691a140ea868b4e5 Mon Sep 17 00:00:00 2001 From: Phillip LeBlanc Date: Wed, 20 Nov 2024 14:59:58 +0900 Subject: [PATCH 3/3] Apply suggestions from code review Co-authored-by: peasee <98815791+peasee@users.noreply.github.com> --- spiceaidocs/docs/reference/spicepod/index.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/spiceaidocs/docs/reference/spicepod/index.md b/spiceaidocs/docs/reference/spicepod/index.md index 3e4b5020..36e666c1 100644 --- a/spiceaidocs/docs/reference/spicepod/index.md +++ b/spiceaidocs/docs/reference/spicepod/index.md @@ -191,15 +191,14 @@ runtime: ### `runtime.cors` -The CORS section specifies the configuration for enabling Cross-Origin Resource Sharing (CORS) for the HTTP endpoint. By default, CORS is enabled with all origins. +The CORS section specifies the configuration for enabling Cross-Origin Resource Sharing (CORS) for the HTTP endpoint. By default, CORS is disabled. Default configuration: ```yaml runtime: cors: - enabled: true - allowed_origins: ["*"] + enabled: false ``` ### `runtime.cors.enabled`