What is the purpose of Settings -> Security -> CORS origins vs similar environment setting?

ckamps · November 7, 2015, 12:58pm

What is the purpose of Settings -> Security -> CORS origins

As compared to the CORS_ORIGIN setting in app.yml

  ## Enable Cross-origin resource sharing so that SSO works properly
  DISCOURSE_ENABLE_CORS: true
  DISCOURSE_CORS_ORIGIN: '*'

codinghorror · November 8, 2015, 12:46am

Not sure, @neil can you elaborate?

neil · November 9, 2015, 3:48pm

In a multisite setup, like our hosting, each site can have its own allowed origins by using the “cors origins” setting. Setting DISCOURSE_CORS_ORIGIN in app.yml will be global to all sites, which probably isn’t what you want in multisite. If you only have one site in a container, then using DISCOURSE_CORS_ORIGIN and “cors origins” will be the same.

Topic		Replies	Views
DISCOURSE_ENABLE_CORS not impacting Nginx config Installation	3	1403	October 13, 2015
Setup Cross-Origin Resource Sharing (CORS) Self-Hosting how-to	1	1312	July 7, 2023
What are the risks of enabling Cross-origin resource sharing (DISCOURSE_ENABLE_CORS) Support	5	5728	December 28, 2021
No 'Access-Control-Allow-Origin' header is present despite setting DISCOURSE_ENABLE_CORS: true Support	7	1468	October 28, 2021
Set DISCOURSE_ENABLE_CORS for hosted forum Hosting	5	2444	October 7, 2022

What is the purpose of Settings -> Security -> CORS origins vs similar environment setting?

Related topics