Add a cors-always-allowed-origins option #8233

Merged
merged 2 commits into from
Feb 5, 2025

jaclarke
Member

@jaclarke jaclarke commented Jan 17, 2025

For cloud instances we currently default to setting the `cors_allow_origins` config to `*` to let the cloud UI make queries to the instance. But the user can change that config, which breaks the UI, and also for security it's probably better to leave the default `cors_allow_origins` config empty.

Since we want to allow the cloud UI to always be able to query the instance, regardless of how the user configures `cors_allow_origins`, this server option will allow us to set the cloud UI as an always allowed CORS origin. Supporting multiple origins and wildcards is to handle the Gel rename (allow both our new and old cloud UI URLs to work) and for preview UI builds.
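
An added example, not code from this PR or from the Gel server: a sketch of checking a server-level always-allowed origin list ahead of the user's `cors_allow_origins` value, so the user's list can stay empty. The function names, the `example.test` origins, and the rule that `*` in a pattern matches exactly one DNS label are assumptions made for illustration.

```python
import re
from typing import Dict, Iterable, Optional

# Assumption: a '*' in an origin pattern stands for exactly one DNS label.
LABEL = r"[A-Za-z0-9-]+"

# Constructed sample values: old and new UI origins plus preview builds.
ALWAYS_ALLOWED = (
    "https://cloud.example.test",
    "https://cloud-old.example.test",
    "https://*.preview.example.test",
)


def compile_origin_pattern(pattern: str) -> "re.Pattern[str]":
    """Escape everything except '*', so '.' in a pattern is a literal dot."""
    literal_parts = (re.escape(part) for part in pattern.split("*"))
    return re.compile(LABEL.join(literal_parts), re.IGNORECASE)


def origin_allowed(origin: str, patterns: Iterable[str]) -> bool:
    # fullmatch anchors both ends, so an allowed origin embedded in a longer
    # host name (prefix or suffix) does not match.
    return any(compile_origin_pattern(p).fullmatch(origin) for p in patterns)


def cors_headers(
    origin: Optional[str],
    user_allowed: Iterable[str],
    always_allowed: Iterable[str] = ALWAYS_ALLOWED,
) -> Dict[str, str]:
    """Return the CORS response headers for a request, or {} if not allowed."""
    if not origin:
        return {}
    user_allowed = list(user_allowed)
    echo = {"Access-Control-Allow-Origin": origin, "Vary": "Origin"}
    # The server-level list is consulted first and cannot be overridden
    # by the user-editable config.
    if origin_allowed(origin, always_allowed):
        return echo
    if "*" in user_allowed:
        return {"Access-Control-Allow-Origin": "*"}
    return echo if origin in user_allowed else {}


if __name__ == "__main__":
    for o in ("https://cloud.example.test", "https://cloud.example.test.evil.test"):
        print(o, "->", cors_headers(o, user_allowed=[]))
```

With an empty user list, only origins matching the always-allowed patterns receive CORS headers; lookalike hosts and nested subdomains are refused.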

@scotttrinh
Contributor

I wonder if we can/should use the same mechanism we use for the magic SMTP provider?

Review comment on edb/server/args.py (outdated, resolved)
@jaclarke jaclarke changed the title Add an override-cors-allowed-origins option Add a cors-always-allowed-origins option Jan 17, 2025
@elprans elprans added the to-backport-6.x PRs that *should* be backported to 6.x label Feb 5, 2025
@jaclarke jaclarke merged commit 9653f62 into master Feb 5, 2025
24 checks passed
@jaclarke jaclarke deleted the cors-override branch February 5, 2025 18:30
@msullivan msullivan added backported-6.x PRs that *have* been backported to 6.x and removed to-backport-6.x PRs that *should* be backported to 6.x labels Feb 5, 2025
msullivan pushed a commit that referenced this pull request Feb 5, 2025
For cloud instances we currently default to setting the
`cors_allow_origins` config to `*` to let the cloud UI make queries to
the instance. But the user can change that config, which breaks the UI,
and also for security it's probably better to leave the default
`cors_allow_origins` config empty.

Since we want to allow the cloud UI to always be able to query the
instance, regardless of how the user configures `cors_allow_origins`,
this server option will allow us to set the cloud UI as an always
allowed CORS origin. Supporting multiple origins and wildcards is to
handle the Gel rename (allow both our new and old cloud UI URLs to work)
and for preview UI builds.