cognee/cognee/api/.env.example at d3dd87d90ecbba788c4f866c78806d3bfe672d01 - gmakstutis/cognee - Forgejo: Beyond coding. We Forge.

gmakstutis/cognee

Raj Mandhare 3c854b384d

Added Flexible CORS Configuration via Environment Variableadded flexibility to cors (#1109 )

<!-- .github/pull_request_template.md -->

## Description
Fixes #1086 
This PR improves the security and flexibility of the Cognee API’s CORS
(Cross-Origin Resource Sharing) configuration.
It introduces a new environment variable, CORS_ALLOWED_ORIGINS, which
allows explicit control over which origins are permitted to access the
API.
The API now reads allowed origins from the CORS_ALLOWED_ORIGINS
environment variable (comma-separated).
If the variable is not set, all cross-origin requests are blocked by
default (secure by default).
For local development, you can use:
CORS_ALLOWED_ORIGINS="http://localhost:3000"
Added a commented example to .env.example to guide users in configuring
CORS origins.
<!-- Provide a clear description of the changes in this PR -->

## DCO Affirmation
I affirm that all code in every commit of this pull request conforms to
the terms of the Topoteretes Developer Certificate of Origin.

Signed-off-by: Raj2604 <rajmandhare26@gmail.com>
Co-authored-by: Vasilije <8619304+Vasilije1990@users.noreply.github.com>

2025-07-19 20:48:52 +02:00

5 lines

No EOL

265 B

Text

Raw Blame History

 # Comma-separated list of allowed origins for CORS (leave empty to block all cross-origin requests)
 # Example:
 # CORS_ALLOWED_ORIGINS="https://yourdomain.com,https://another.com"
 # For local development, you might use:
 # CORS_ALLOWED_ORIGINS="http://localhost:3000"