docs: clarify CORS configuration options (#1011)

* docs: clarify CORS configuration options * docs: use double quotes
5 years ago · e3c30defbe
parent 4ea5aa0014
commit e3c30defbe
2 changed files with 11 additions and 1 deletions
--- a/website/content/docs/configuration/controller.mdx
+++ b/website/content/docs/configuration/controller.mdx
@ -136,7 +136,7 @@ listener "tcp" {
  # Uncomment to enable CORS for the Admin UI. Be sure to set the allowed origin(s)
  # to appropriate values.
  #cors_enabled = true
-  #cors_allowed_origins = ["yourcorp.yourdomain.com"]
+  #cors_allowed_origins = ["https://yourcorp.yourdomain.com", "serve://boundary"]
 }

 # Data-plane listener configuration block (used for worker coordination)
--- a/website/content/docs/configuration/listener/tcp.mdx
+++ b/website/content/docs/configuration/listener/tcp.mdx
@ -61,6 +61,16 @@ allowed.
  request duration allowed before Boundary cancels the request. This overrides
  `default_max_request_duration` for this listener.

+- `cors_enabled` `(boolean: true)` - Specifies if CORS should be enabled, which
+  allows Boundary to support external browser-based clients (not including
+  admin UI), such as Boundary Desktop.
+
+- `cors_allowed_origins` `(array(string): ["serve://boundary"])` - an array of
+  allowed CORS origins. Origins must include protocol, host, and port (if port
+  is different than the default for the specified protocol).
+  To allow all origins, set to `['*']`. By default, Boundary Desktop's origin
+  `serve://boundary` is allowed.
+
 ### TLS

 ~> All `tls` parameters are valid only for the `api` listener. `cluster` and