Allowing client domains
To improve security the API only allows access from well-known domains. This means that you need to configure where to allow access from. Usually, you will want to limit access to a single domain.
For that, open the application's package.json
file and set the wolkenkit/environments/default/api/allowAccessFrom
property to the domain name you want to use including the protocol.
Choose the right environment
If you use an environment different than
default
, make sure that you use the name of the appropriate environment.
E.g., to allow access from http://example.com
, use the following code:
"wolkenkit": {
"environments": {
"default": {
"api": {
"allowAccessFrom": "https://example.com"
}
}
}
}
:::
Using multiple protocols
If you want to support https
and http
, or multiple subdomains, insteaf of a single domain provide an array of multiple domains.
E.g., to allow access from https://example.com
and http://example.com
, use the following code:
"wolkenkit": {
"environments": {
"default": {
"api": {
"allowAccessFrom": [
"https://example.com",
"http://example.com"
]
}
}
}
}
Choose the right environment
If you use an environment different than
default
, make sure that you use the name of the appropriate environment.
Alternatively, you may use a regular expression that matches multiple domains.
Escape backslashes
Since the
package.json
file contains JSON, you need to escape backslashes by typing them twice.
E.g., to allow access from https://example.com
and http://example.com
using a regular expression, use the following code:
"wolkenkit": {
"environments": {
"default": {
"api": {
"allowAccessFrom": "/^https?:\\/\\/example\\.com$/"
}
}
}
}
Choose the right environment
If you use an environment different than
default
, make sure that you use the name of the appropriate environment.
Allowing access from everywhere
For development purposes, it may be desired to allow access to the API from everywhere. For that, use *
as domain name:
"wolkenkit": {
"environments": {
"default": {
"api": {
"allowAccessFrom": "*"
}
}
}
}
Choose the right environment
If you use an environment different than
default
, make sure that you use the name of the appropriate environment.