Cap Standalone is a self-hosted version of Cap's backend that allows you to spin up a server to validate and create challenges so you can use it with languages other than JS.
To install Cap Standalone, you need to have [Docker](https://docs.docker.com/get-docker/) installed on your server. Once you have it installed, you can run the following command to pull the image:
This will start the server on port 3000 and create a `cap-standalone` folder in your current directory to store the data. Change the port if needed.
Make sure to replace `your_secret_key` with a strong secret key, as anyone with it will be able to log into the dashboard and create keys.
Then, you can access the dashboard at `http://localhost:3000`, log in, and create a key. The key ID and secret will be used to configure the widget and verify the token on your server. You'll also need to make the server publicly accessible from the internet, as the widget needs to be able to reach it.
You can change the default CORS settings for redeeming tokens, generating challenges and serving assets by setting the `CORS_ORIGIN` environment variable when running the server. This defaults to `*`, which allows all origins. This will directly assign to Access-Control-Allow-Origin header.
> Does generating challenges not work? Make sure your server is publicly accessible and that `CORS_ORIGIN` is set correctly to allow requests from your website's origin.
By default, Cap Standalone updates and stores multiple files for Cap's client-side `cap.js/widget` library. This helps Cap be truly self-hosted and not depend on any external resources.
These files are stored in the `.data` folder and exposed in the following paths:
- /assets/widget.js
- /assets/floating.js
- /assets/cap_wasm_bg.wasm
- /assets/cap_wasm.js
You can use these in your app by setting the widget's script source to the appropriate path, like this:
You can and should also change the version of the widget and WASM files by setting `process.env.WIDGET_VERSION` and `process.env.WASM_VERSION`. This will help you avoid breaking changes in the future.
By default, these fetch from `process.env.CACHE_HOST`. You can change this by setting the `CACHE_HOST` environment variable when running the server. If you don't set it, it defaults to `https://cdn.jsdelivr.net`. You can also set it to `disable` to disable the assets server entirely.