mirror of
https://github.com/harivansh-afk/sandbox-agent.git
synced 2026-04-15 21:03:26 +00:00
e3c030f66d
* chore: remove inspect.sandboxagent.dev in favor of /ui/ * chore: add 404 page * fix: correct inspector package name in Dockerfiles and add .dockerignore - Change @anthropic-ai/sdk-inspector to @sandbox-agent/inspector in all Dockerfiles - Add .dockerignore to exclude target/, node_modules/, etc from Docker context The wrong package name caused pnpm install --filter to match nothing, so the inspector frontend was never built, resulting in binaries without the /ui/ endpoint. * chore: cargo fmt * chore(release): update version to 0.1.4-rc.7
57 lines
1.6 KiB
Text
57 lines
1.6 KiB
Text
---
|
|
title: "CORS Configuration"
|
|
description: "Configure CORS for browser-based applications."
|
|
sidebarTitle: "CORS"
|
|
icon: "globe"
|
|
---
|
|
|
|
When calling the Sandbox Agent server from a browser, CORS (Cross-Origin Resource Sharing) controls which origins can make requests.
|
|
|
|
## Default Behavior
|
|
|
|
By default, no CORS origins are allowed. You must explicitly specify origins for browser-based applications:
|
|
|
|
```bash
|
|
sandbox-agent server \
|
|
--token "$SANDBOX_TOKEN" \
|
|
--cors-allow-origin "http://localhost:5173"
|
|
```
|
|
|
|
<Note>
|
|
The built-in Inspector UI at `/ui/` is served from the same origin as the server, so it does not require CORS configuration.
|
|
</Note>
|
|
|
|
## Options
|
|
|
|
| Flag | Description |
|
|
|------|-------------|
|
|
| `--cors-allow-origin` | Origins to allow |
|
|
| `--cors-allow-method` | HTTP methods to allow (defaults to all if not specified) |
|
|
| `--cors-allow-header` | Headers to allow (defaults to all if not specified) |
|
|
| `--cors-allow-credentials` | Allow credentials (cookies, authorization headers) |
|
|
|
|
## Multiple Origins
|
|
|
|
Specify the flag multiple times to allow multiple origins:
|
|
|
|
```bash
|
|
sandbox-agent server \
|
|
--token "$SANDBOX_TOKEN" \
|
|
--cors-allow-origin "http://localhost:5173" \
|
|
--cors-allow-origin "http://localhost:3000"
|
|
```
|
|
|
|
## Restricting Methods and Headers
|
|
|
|
By default, all methods and headers are allowed. To restrict them:
|
|
|
|
```bash
|
|
sandbox-agent server \
|
|
--token "$SANDBOX_TOKEN" \
|
|
--cors-allow-origin "https://your-app.com" \
|
|
--cors-allow-method "GET" \
|
|
--cors-allow-method "POST" \
|
|
--cors-allow-header "Authorization" \
|
|
--cors-allow-header "Content-Type" \
|
|
--cors-allow-credentials
|
|
```
|