From e4f1d573a8cb2b33f6efcaa4692df0a8c0afe92b Mon Sep 17 00:00:00 2001 From: Tiago <70700766+tiagorangel1@users.noreply.github.com> Date: Fri, 16 May 2025 13:27:27 +0100 Subject: [PATCH] docs: add docs for standalone CORS --- docs/guide/standalone.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/guide/standalone.md b/docs/guide/standalone.md index 65cc785..b845ea4 100644 --- a/docs/guide/standalone.md +++ b/docs/guide/standalone.md @@ -29,6 +29,10 @@ Make sure to replace `your_secret_key` with a strong secret key, as anyone with Then, you can access the dashboard at `http://localhost:3000`, log in, and create a key. The key ID and secret will be used to configure the widget and verify the token on your server. You'll also need to make the server publicly accessible from the internet, as the widget needs to be able to reach it. +### CORS + +You can change the default CORS settings for redeeming tokens and generating challenges by setting the `CORS_ORIGIN` environment variable when running the server. This defaults to `*`, which allows all origins. This will directly assign to Access-Control-Allow-Origin header. + ## Usage ### Client-side