You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/networking/port-forwarding.md
+111
Original file line number
Diff line number
Diff line change
@@ -84,6 +84,117 @@ Valid `share` values include `owner` - private to the user, `authenticated` - ac
84
84
85
85
86
86
87
+
### Cross-origin resource sharing (CORS)
88
+
89
+
When forwarding via the dashboard, Coder automatically sets headers that allow
90
+
requests between separately forwarded applications belonging to the same user.
91
+
92
+
When forwarding through other methods the application itself will need to set
93
+
its own CORS headers if they are being forwarded through different origins since
94
+
Coder does not intercept these cases. See below for the required headers.
95
+
96
+
#### Authentication
97
+
98
+
Since ports forwarded through the dashboard are private, cross-origin requests
99
+
must include credentials (set `credentials: "include"` if using `fetch`) or the
100
+
requests cannot be authenticated and you will see an error resembling the
101
+
following:
102
+
103
+
> Access to fetch at 'https://dev.coder.com/api/v2/applications/auth-redirect' from origin 'https://8000--dev--user--apps.dev.coder.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
104
+
105
+
#### Headers
106
+
107
+
Below is a list of the cross-origin headers Coder sets with example values:
0 commit comments