| Both sides previous revisionPrevious revisionNext revision | Previous revision |
| blocks:server_configuration_file [2025-11-11 14:03] – Documented allowCrossSiteAuth admin | blocks:server_configuration_file [2025-11-12 09:13] (current) – Note for spotSnap added in 7.4 admin |
|---|
| * **corsPath** and **corsAllowOrigin**. If you want to accept calls from other servers/clients, e.g., to endpoints specified by user scripts (using the [[https://github.com/pixilab/blocks-script/blob/master/system_lib/Metadata.ts#L136|@resource annotation]]), specify the root path of such requests, and the [[https://stackoverflow.com/questions/10636611/how-does-access-control-allow-origin-header-work|Access-Control-Allow-Origin]] header to be returned here. | * **corsPath** and **corsAllowOrigin**. If you want to accept calls from other servers/clients, e.g., to endpoints specified by user scripts (using the [[https://github.com/pixilab/blocks-script/blob/master/system_lib/Metadata.ts#L136|@resource annotation]]), specify the root path of such requests, and the [[https://stackoverflow.com/questions/10636611/how-does-access-control-allow-origin-header-work|Access-Control-Allow-Origin]] header to be returned here. |
| * ** applicationConnectors**. Specifies the connection details for the web server, such as port numbers used, etc. | * ** applicationConnectors**. Specifies the connection details for the web server, such as port numbers used, etc. |
| * **allowCrossSiteAuth**. Set to true to allow cross-site authentication (e.g. for the Blocks editor), such as from within an iframe. Note that modern browsers allow this only under https. | * **allowCrossSiteAuth**. Set to true to allow cross-site authentication (e.g. for the Blocks editor), such as from within an IFRAME. Browsers allow this only under HTTPS, so you'll need HTTPS and a certificate to use this feature in addition to setting this option to true. |
| |
| See below for details on server sub-options. | See below for details on server sub-options. |
| apiKeys: | apiKeys: |
| upload: "super-secret" # Value required as apiKey query parameter for uploads | upload: "super-secret" # Value required as apiKey query parameter for uploads |
| | spotSnap: "spot-screen-spy" # Value required as apiKey for viewing screenshots |
| customKey: "super-secret2" | customKey: "super-secret2" |
| </code> | </code> |
| |
| The //upload// key's value (if specified) will be used by Blocks' [[blocks:api:upload|file upload API]]. When specified, all uploads must add an //apiKey// query parameter to their URL, with the value specified for the //upload// key. | The //upload// key's value (if specified) will be used by Blocks' [[blocks:api:upload|file upload API]]. When specified, all uploads must add an //apiKey// query parameter to their URL, with the value specified for the //upload// key. |
| | |
| | The //spotSnap// key's value (if specified) will allow Blocks' [[blocks:api:spot-screenshot|Display Spot Screenshot API]] to be used from non-authenticated clients. This setting was added in Blocks 7.4. |
| |
| You can specify additional key/value pairs, as exemplified by the //customKey// key/value shown above. Such a key can then be applied to custom API endpoints decorated by @resource by also applying an @apiKey decorator, like this: | You can specify additional key/value pairs, as exemplified by the //customKey// key/value shown above. Such a key can then be applied to custom API endpoints decorated by @resource by also applying an @apiKey decorator, like this: |