Agent-Logs-Url: https://github.com/SamueleLorefice/MilkyShots/sessions/ff435695-5dfd-4eb0-8f11-36ba41026ccf Co-authored-by: SamueleLorefice <6562494+SamueleLorefice@users.noreply.github.com>
96 lines
3.0 KiB
Markdown
96 lines
3.0 KiB
Markdown
# Milky Shots
|
|
|
|
<img src="MilkyShotLogoWhite.svg" alt="MilkyShot logo" width="500" align="center" >
|
|
|
|
_A place where to look for images_
|
|
|
|
**TODO: fill more information here**
|
|
|
|
## Configuration
|
|
|
|
### CORS allowed origins
|
|
|
|
The API uses a CORS policy to control which browser origins may call it.
|
|
Allowed origins are configured via the `CorsAllowedOrigins` key.
|
|
|
|
**`appsettings.json` (default / development)**
|
|
|
|
```json
|
|
{
|
|
"CorsAllowedOrigins": [ "http://localhost:5269", "http://localhost:8080" ]
|
|
}
|
|
```
|
|
|
|
**Environment variable (Docker / production)**
|
|
|
|
Set the `CorsAllowedOrigins` environment variable to a **semicolon-separated** list of
|
|
origins. This value **replaces** the entire array from `appsettings.json`, so you must
|
|
list every origin you want to allow:
|
|
|
|
```
|
|
CorsAllowedOrigins=http://myserver:8080
|
|
# or multiple origins:
|
|
CorsAllowedOrigins=http://myserver:8080;https://myserver.example.com
|
|
```
|
|
|
|
To allow any origin (useful when the server IP is unknown at deploy time):
|
|
|
|
```
|
|
CorsAllowedOrigins=*
|
|
```
|
|
|
|
> **⚠️ Security warning:** Setting `CorsAllowedOrigins=*` disables CORS origin
|
|
> checking entirely — **any** website can make authenticated requests to the API from
|
|
> a visitor's browser. Only use this option in fully trusted, self-hosted environments
|
|
> where you control all network access. For any internet-facing deployment always
|
|
> specify explicit origins instead.
|
|
|
|
This is already set up in `docker-compose.yml` — override it with your server's
|
|
hostname/IP if you are not running on localhost.
|
|
|
|
### Configuring CORS for the MilkStream frontend
|
|
|
|
MilkStream is the Blazor WASM frontend that talks to the Lactose API. Because the
|
|
browser fetches the API directly, the **origin of MilkStream as seen by the browser**
|
|
must be listed in `CorsAllowedOrigins` on the Lactose service.
|
|
|
|
The two services are mapped in `docker-compose.yml` as follows:
|
|
|
|
| Service | Container port | Host port | Browser URL (default) |
|
|
|------------|---------------|-----------|----------------------|
|
|
| `lactose` | 8080 | **5162** | `http://yourserver:5162` |
|
|
| `milkstream`| 8080 | **8080** | `http://yourserver:8080` |
|
|
|
|
MilkStream's URL (`http://yourserver:8080`) must be added to Lactose's allowed origins,
|
|
and `LactoseBaseUrl` on MilkStream must point to the URL the **browser** uses to reach
|
|
Lactose (`http://yourserver:5162`).
|
|
|
|
**Example — running on `myserver.local`:**
|
|
|
|
```yaml
|
|
# docker-compose.yml (relevant excerpts)
|
|
lactose:
|
|
environment:
|
|
- CorsAllowedOrigins=http://myserver.local:8080 # MilkStream origin seen by the browser
|
|
|
|
milkstream:
|
|
environment:
|
|
- LactoseBaseUrl=http://myserver.local:5162/ # Lactose URL seen by the browser
|
|
```
|
|
|
|
**Example — running on localhost (default):**
|
|
|
|
```yaml
|
|
lactose:
|
|
environment:
|
|
- CorsAllowedOrigins=http://localhost:8080
|
|
|
|
milkstream:
|
|
environment:
|
|
- LactoseBaseUrl=http://localhost:5162/
|
|
```
|
|
|
|
If you expose MilkStream on a non-standard port or via HTTPS, adjust both values
|
|
accordingly and list the exact `scheme://host:port` that appears in the browser's
|
|
address bar.
|