mirror of
https://github.com/reconurge/flowsint.git
synced 2026-07-12 17:12:31 -05:00
allow_origins was ["*"] together with allow_credentials=True, which is both insecure and rejected by browsers for credentialed requests. Read a comma-separated ALLOWED_ORIGINS env var instead, defaulting to the Vite dev origin http://localhost:5173. Documented in .env.example.
13 lines
628 B
Plaintext
13 lines
628 B
Plaintext
NODE_ENV=production
|
|
AUTH_SECRET=superscretchangeitplz
|
|
# Generate your own master key by running: python3 -c "import os, base64; key = os.urandom(32); print('base64:' + base64.b64encode(key).decode('utf-8'))"
|
|
MASTER_VAULT_KEY_V1=base64:qnHTmwYb+uoygIw9MsRMY22vS5YPchY+QOi/E79GAvM=
|
|
NEO4J_URI_BOLT=bolt://neo4j:7687
|
|
NEO4J_USERNAME=neo4j
|
|
NEO4J_PASSWORD=password
|
|
VITE_API_URL=http://127.0.0.1:5001
|
|
# Comma-separated CORS allowed origins. Defaults to http://localhost:5173 (Vite dev) when unset.
|
|
ALLOWED_ORIGINS=http://localhost:5173
|
|
DATABASE_URL=postgresql://flowsint:flowsint@localhost:5433/flowsint
|
|
REDIS_URL=redis://redis:6379/0
|