CBG-4948 update the documentation for CORS #7833
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Note that APIs can return 401 if the authenticating user doesn't have access to DB - Annotate use of login_origin and origin
Redocly previews |
Contributor
There was a problem hiding this comment.
Pull Request Overview
This PR updates OpenAPI documentation for CORS configuration and session-related endpoints across public and admin APIs. The changes clarify authentication requirements, consolidate schema definitions, and improve CORS documentation.
- Standardizes session endpoint documentation by consolidating the
User-session-informationschema and adding 401 response handling - Updates CORS descriptions to specify that both
cors.login_originandcors.originmust match theOriginheader - Consolidates CORS configuration schema into a reusable component
Reviewed Changes
Copilot reviewed 8 out of 8 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| docs/api/paths/public/db-_session.yaml | Added 401 responses, consolidated 200 response schema, updated CORS description and request body schema |
| docs/api/paths/public/db-_google.yaml | Updated CORS description and response reference |
| docs/api/paths/public/db-_facebook.yaml | Updated CORS description and response reference |
| docs/api/paths/admin/db-_session.yaml | Removed duplicate GET endpoint, added 401 response, standardized quote style |
| docs/api/paths/admin/db-_google.yaml | Updated CORS description and response reference |
| docs/api/paths/admin/db-_facebook.yaml | Updated CORS description and response reference |
| docs/api/components/schemas.yaml | Consolidated CORS schema, enhanced User-session-information schema with detailed field descriptions |
| docs/api/components/responses.yaml | Added Unauthorized response, renamed Invalid-CORS to Invalid-CORS-LoginOrigin with improved description |
adamcfraser
reviewed
Oct 31, 2025
docs/api/components/schemas.yaml
Outdated
| properties: | ||
| authentication_handlers: | ||
| description: The ways authentication can be established to authenticate as the user. | ||
| description: The ways authentication can be established to authenticate as a user. Used for CouchDB compatability. Always contains "default" and "cookie". |
Collaborator
There was a problem hiding this comment.
Suggested change
| description: The ways authentication can be established to authenticate as a user. Used for CouchDB compatability. Always contains "default" and "cookie". | |
| description: The ways authentication can be established to authenticate as a user. Used for CouchDB compatibility. Always contains "default" and "cookie". |
adamcfraser
reviewed
Oct 31, 2025
Collaborator
adamcfraser
left a comment
adamcfraser
left a comment
There was a problem hiding this comment.
A few comments/suggestions.
| '404': | ||
| "401": | ||
| $ref: ../../components/responses.yaml#/Unauthorized | ||
| "404": |
Collaborator
There was a problem hiding this comment.
As discussed, check whether 404 is (still) returned by this endpoint.
Collaborator
Author
There was a problem hiding this comment.
This can't return 404.
| $ref: ../../components/responses.yaml#/Invalid-CORS-LoginOrigin | ||
| "401": | ||
| $ref: ../../components/responses.yaml#/Unauthorized | ||
| "404": |
| $ref: ../../components/responses.yaml#/Invalid-CORS-LoginOrigin | ||
| "401": | ||
| $ref: ../../components/responses.yaml#/Unauthorized | ||
| "404": |
Collaborator
Author
There was a problem hiding this comment.
This returns 404 if the session_id doesn't exist.
| '400': | ||
| $ref: ../../components/responses.yaml#/Invalid-CORS | ||
| "401": | ||
| $ref: ../../components/responses.yaml#/Unauthorized |
Collaborator
There was a problem hiding this comment.
Possibly 404 is still returned here if admin auth is disabled?
Collaborator
Author
There was a problem hiding this comment.
Returned if there is no DB.
Co-authored-by: Adam Fraser <[email protected]>
Co-authored-by: Adam Fraser <[email protected]>
Co-authored-by: Adam Fraser <[email protected]>
adamcfraser
approved these changes
Oct 31, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
User-session-informationand consolidate usagePreview with: