Set CORS headers #304
Set CORS headers #304
Conversation
| json(data, { | ||
| headers: { | ||
| 'Access-Control-Allow-Methods': 'GET, OPTIONS', | ||
| 'Access-Control-Allow-Origin': ALLOW_ORIGINS, |
There was a problem hiding this comment.
this will be set for each request to the endpoints that use this function. Should be ok, but I can change it to only do so when called from a domain what is allowed
| @@ -20,3 +20,4 @@ CODA_TOKEN = "{CODA_TOKEN}" | |||
| CODA_INCOMING_TOKEN = "{CODA_INCOMING_TOKEN}" | |||
| CODA_WRITES_TOKEN = "{CODA_WRITES_TOKEN}" | |||
| NLP_SEARCH_ENDPOINT = "https://stampy-nlp-t6p37v2uia-uw.a.run.app/" | |||
| ALLOW_ORIGINS = "https://chat.aisafety.info" | |||
There was a problem hiding this comment.
I considered also setting this in the github deployment script, but left it out for now - this is pretty much the only allowed external site. If there are more in the future, then it can be changed to '*' or set via an actions env variable
There was a problem hiding this comment.
I'd be happy for GET request to be allowed from any origin (*), we don't send sensitive data 🤷
but if you want to maintain the list of allowed origins, that is also fine
| @@ -20,3 +20,4 @@ CODA_TOKEN = "{CODA_TOKEN}" | |||
| CODA_INCOMING_TOKEN = "{CODA_INCOMING_TOKEN}" | |||
| CODA_WRITES_TOKEN = "{CODA_WRITES_TOKEN}" | |||
| NLP_SEARCH_ENDPOINT = "https://stampy-nlp-t6p37v2uia-uw.a.run.app/" | |||
| ALLOW_ORIGINS = "https://chat.aisafety.info" | |||
There was a problem hiding this comment.
I'd be happy for GET request to be allowed from any origin (*), we don't send sensitive data 🤷
but if you want to maintain the list of allowed origins, that is also fine
The chat bot requires access to the glossary. It can either fetch it directly from Coda, or from the UI API. For the API to work, it needs to set the appropriate CORS headers