-
Notifications
You must be signed in to change notification settings - Fork 9
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Set CORS headers #304
Set CORS headers #304
Conversation
json(data, { | ||
headers: { | ||
'Access-Control-Allow-Methods': 'GET, OPTIONS', | ||
'Access-Control-Allow-Origin': ALLOW_ORIGINS, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this will be set for each request to the endpoints that use this function. Should be ok, but I can change it to only do so when called from a domain what is allowed
@@ -20,3 +20,4 @@ CODA_TOKEN = "{CODA_TOKEN}" | |||
CODA_INCOMING_TOKEN = "{CODA_INCOMING_TOKEN}" | |||
CODA_WRITES_TOKEN = "{CODA_WRITES_TOKEN}" | |||
NLP_SEARCH_ENDPOINT = "https://stampy-nlp-t6p37v2uia-uw.a.run.app/" | |||
ALLOW_ORIGINS = "https://chat.aisafety.info" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I considered also setting this in the github deployment script, but left it out for now - this is pretty much the only allowed external site. If there are more in the future, then it can be changed to '*'
or set via an actions env variable
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd be happy for GET request to be allowed from any origin (*
), we don't send sensitive data 🤷
but if you want to maintain the list of allowed origins, that is also fine
@@ -20,3 +20,4 @@ CODA_TOKEN = "{CODA_TOKEN}" | |||
CODA_INCOMING_TOKEN = "{CODA_INCOMING_TOKEN}" | |||
CODA_WRITES_TOKEN = "{CODA_WRITES_TOKEN}" | |||
NLP_SEARCH_ENDPOINT = "https://stampy-nlp-t6p37v2uia-uw.a.run.app/" | |||
ALLOW_ORIGINS = "https://chat.aisafety.info" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd be happy for GET request to be allowed from any origin (*
), we don't send sensitive data 🤷
but if you want to maintain the list of allowed origins, that is also fine
The chat bot requires access to the glossary. It can either fetch it directly from Coda, or from the UI API. For the API to work, it needs to set the appropriate CORS headers