mirror/doorman
1
0
Fork 0
mirror of https://github.com/apidoorman/doorman.git synced 2026-02-10 03:28:37 -06:00
Code Issues Packages Projects Releases Wiki Activity
Files
d9aba331ee45aa8ae69feb75dd7e6997e4bebbbf
doorman/user-docs/TOOLS.md
seniorswe 507fb544cc user guides
2025-09-26 22:55:34 -04:00

1.2 KiB
Raw Blame History

Tools and Diagnostics

This page describes built-in tools available to help operate and troubleshoot your Doorman gateway.

CORS Checker

Validate your CORS configuration without trial-and-error in a browser.

  • UI: Navigate to /tools in the web client (requires manage_security permission).
  • API: POST /platform/tools/cors/check (requires manage_security).

Request body:

{
  "origin": "https://app.example.com",
  "method": "GET",
  "request_headers": ["Content-Type", "Authorization"],
  "with_credentials": true
}

Response highlights:

  • config: Effective CORS configuration derived from environment variables.
  • preflight: Whether the preflight would be allowed and the headers that would be returned.
  • actual: Whether an actual request would be allowed and expected response headers.
  • notes: Guidance for common misconfigurations (e.g., wildcard with credentials).

Environment variables considered:

  • ALLOWED_ORIGINS, ALLOW_METHODS, ALLOW_HEADERS, ALLOW_CREDENTIALS, CORS_STRICT.

Tips:

  • Avoid * origins when ALLOW_CREDENTIALS=true; explicitly list origins or enable CORS_STRICT=true.
  • If ALLOW_HEADERS='*' is set with credentials, the gateway applies a conservative default set.
Reference in New Issue View Git Blame Copy Permalink