search

TechnitiumSoftware / DnsServer

Technitium DNS Server
https://technitium.com/dns/
GNU General Public License v3.0
4.27k stars 418 forks source link

[Feature Request] Add Environment Variable for Docker CORS_ALLOWED_ORIGINS #663

Closed bluegrassiot closed 1 year ago

bluegrassiot commented 1 year ago

I was trying to use the API and ran into the CORS problem. I can only access the API from the same origin as the DNS Server. I hacked my way into allowing the origins I want, but it would be nice to add an option to specify allowed origins in a docker Environment variable like as follows:

CORS_ALLOWED_ORIGINS = http://read.only.com, http://change.allowed.com

If I get time, I will try to do this.

ShreyasZare commented 1 year ago

Thanks for the request. Will get an option added for CORS.

ShreyasZare commented 1 year ago

Can you also describe the scenario where you are using this API? Since usually the API is consumed at the backend and thus there is no issue with CORS.

bluegrassiot commented 1 year ago

I am writing an application with a React front end to discover and configure specific hardware devices on an isolated network. So the React app is using the API to query the DHCP leases and we get the lease info, including the MAC. From the MAC, we can use the OUI portion to figure out the vendor and determine if we support the device in our system. If we support the hardware, then we also allow the user to configure the device using the IP from the lease and the hardware's own API. The user can also Reserve the lease from the configuration in case they want a "static" IP.

ShreyasZare commented 1 year ago

I am writing an application with a React front end to discover and configure specific hardware devices on an isolated network. So the React app is using the API to query the DHCP leases and we get the lease info, including the MAC. From the MAC, we can use the OUI portion to figure out the vendor and determine if we support the device in our system. If we support the hardware, then we also allow the user to configure the device using the IP from the lease and the hardware's own API. The user can also Reserve the lease from the configuration in case they want a "static" IP.

Thanks for the description. Wont it be better to have this task done at the backend of the app? Having it in frontend means that you will be having the API token accessible in the frontend which will create a security issue for your app.

bluegrassiot commented 1 year ago

This is a good point. I will reconsider my approach. Thank you!

ShreyasZare commented 1 year ago

This is a good point. I will reconsider my approach. Thank you!

It seems that adding this option wont be of much use if you move the task at the backend.