diff --git a/docs/assets/frequi_url.png b/docs/assets/frequi_url.png new file mode 100644 index 000000000..bd6ef52b6 Binary files /dev/null and b/docs/assets/frequi_url.png differ diff --git a/docs/rest-api.md b/docs/rest-api.md index b4992e047..7299e0282 100644 --- a/docs/rest-api.md +++ b/docs/rest-api.md @@ -330,12 +330,15 @@ Since the access token has a short timeout (15 min) - the `token/refresh` reques ### CORS -All web-based front-ends are subject to [CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) - Cross-Origin Resource Sharing. -Since most of the requests to the Freqtrade API must be authenticated, a proper CORS policy is key to avoid security problems. -Also, the standard disallows `*` CORS policies for requests with credentials, so this setting must be set appropriately. +This whole section is only necessary in cross-origin cases (where you multiple bot API's running on `localhost:8081`, `localhost:8082`, ...), and want to combine them into one FreqUI instance. -Users can configure this themselves via the `CORS_origins` configuration setting. -It consists of a list of allowed sites that are allowed to consume resources from the bot's API. +??? info "Technical explanation" + All web-based front-ends are subject to [CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) - Cross-Origin Resource Sharing. + Since most of the requests to the Freqtrade API must be authenticated, a proper CORS policy is key to avoid security problems. + Also, the standard disallows `*` CORS policies for requests with credentials, so this setting must be set appropriately. + +Users can allow access from different origin URL's to the bot API via the `CORS_origins` configuration setting. +It consists of a list of allowed URL's that are allowed to consume resources from the bot's API. Assuming your application is deployed as `https://frequi.freqtrade.io/home/` - this would mean that the following configuration becomes necessary: 
@@ -348,5 +351,19 @@ Assuming your application is deployed as `https://frequi.freqtrade.io/home/` - t } ``` +In the following (pretty common) case, FreqUI is accessible on `http://localhost:8080/trade` (this is what you see in your navbar when navigating to freqUI). +![freqUI url](assets/frequi_url.png) + +The correct configuration for this case is `http://localhost:8080` - the main part of the URL including the port. + +```jsonc +{ + //... + "jwt_secret_key": "somethingrandom", + "CORS_origins": ["http://localhost:8080"], + //... +} +``` + !!! Note We strongly recommend to also set `jwt_secret_key` to something random and known only to yourself to avoid unauthorized access to your bot.
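Review bot: In the first `docs/rest-api.md` hunk (CORS section), the new opening sentence is missing a verb ("where you multiple bot API's running"). The rewritten `CORS_origins` paragraph also calls the entries "URL's", which invites users to paste a full URL including a path. Suggest "where you have multiple bot APIs running on ..." and describing the list as allowed origins (scheme, host and port, without a path); "allowed URL's that are allowed" can drop one "allowed". Collapsing the explanation under "Technical explanation" also hides the only statement that `*` is not accepted for requests with credentials, so consider keeping one visible sentence saying a wildcard will not work here.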
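Review bot: In the second `docs/rest-api.md` hunk, the added `jsonc` example contains `"jwt_secret_key": "somethingrandom"`, a literal value that readers are likely to copy unchanged. That works against the note directly below the block, which recommends a value that is random and known only to the user. Suggest an obvious placeholder such as `"<your-own-random-secret>"`, or dropping the key from this CORS-focused example. The sentence "the main part of the URL including the port" could also say explicitly that the scheme (`http://`) is kept and the path (`/trade`) is left out, since the example depends on both.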