Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 0 additions & 1 deletion core/server-ng/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -73,7 +73,6 @@ ignored = [
"strum",
"sysinfo",
"tempfile",
"tower-http",
"tracing-appender",
"tracing-opentelemetry",
"ulid",
Expand Down
13 changes: 9 additions & 4 deletions core/server-ng/config.toml
Original file line number Diff line number Diff line change
Expand Up @@ -65,19 +65,24 @@ enabled = true
allowed_methods = ["GET", "POST", "PUT", "DELETE"]

# Defines which origins are permitted to make cross-origin requests.
# An asterisk "*" allows all origins. Specific domains can be listed to restrict access.
# An asterisk "*" as the first entry allows all origins (any entries after it
# are ignored); "*" in any other position fails the config. Specific domains
# can be listed to restrict access.
allowed_origins = ["*"]

# Lists allowed headers that can be used in CORS requests.
# For example, ["content-type"] permits only the content-type header.
allowed_headers = ["content-type", "authorization"]

# Headers that browsers are allowed to access in CORS responses.
# An empty array means no additional headers are exposed to browsers.
exposed_headers = [""]
# `x-iggy-view` carries the current VSR view number; exposing it lets browser
# clients read it on cross-origin responses.
exposed_headers = ["x-iggy-view"]

# Determines if credentials like cookies or HTTP auth can be included in CORS requests.
# `true` allows credentials to be included, useful for authenticated sessions.
# `true` allows credentials to be included, useful for authenticated sessions;
# it requires explicit (non-wildcard) allowed_origins, allowed_headers, and
# exposed_headers.
# `false` prevents credentials, enhancing privacy and security.
allow_credentials = false

Expand Down
Loading
Loading