What is the purpose of Settings -> Security -> CORS origins
As compared to the CORS_ORIGIN
setting in app.yml
## Enable Cross-origin resource sharing so that SSO works properly
DISCOURSE_ENABLE_CORS: true
DISCOURSE_CORS_ORIGIN: '*'
What is the purpose of Settings -> Security -> CORS origins
As compared to the CORS_ORIGIN
setting in app.yml
## Enable Cross-origin resource sharing so that SSO works properly
DISCOURSE_ENABLE_CORS: true
DISCOURSE_CORS_ORIGIN: '*'
Not sure, @neil can you elaborate?
In a multisite setup, like our hosting, each site can have its own allowed origins by using the “cors origins” setting. Setting DISCOURSE_CORS_ORIGIN in app.yml will be global to all sites, which probably isn’t what you want in multisite. If you only have one site in a container, then using DISCOURSE_CORS_ORIGIN and “cors origins” will be the same.