Merge pull request #6 from temporalio/tomwheeler-gitpod-fix

Disable origin check in Svelte configuration (GitPod workaround)
temporalio · Aug 13, 2024 · ecd2832 · ecd2832
2 parents 99e186f + ecfb8c3
commit ecd2832
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -24,6 +24,10 @@ pnpm dev
 
 This starts a local server. You can navigate to http://127.0.0.1:5173/ to view the web application. 
 
+NOTE: As a workaround for deployment to [GitPod](https://gitpod.io/), in which the domain of each application 
+container is assigned dynamically, this application [disables the CSRF origin check](https://github.com/temporalio/reference-app-orders-web/blob/5a1044ddae5a5f110263b9c464f576384d533036/svelte.config.js#L10-L12). [Pull request #6](https://github.com/temporalio/reference-app-orders-web/pull/6) describes this in more detail, and we recommend reinstating this origin check for improved security in a 
+real-world deployment. 
+
 
 ## Building the Web Application
 

diff --git a/svelte.config.js b/svelte.config.js
@@ -6,7 +6,10 @@ const config = {
 	preprocess: vitePreprocess(),
 
 	kit: {
-		adapter: adapter()
+		adapter: adapter(),
+		csrf: {
+			checkOrigin: false,
+		}
 	}
 };