Configuring the Allowed Origin for the WebSocket Notifications

The Platform relies on WebSockets for notifications, and in order to work, WebSocket endpoints need to specify the allowed web origins.

For more details on cross-origin resource sharing, please refer to the Section Configuring Cross-Origin Resource Sharing (CORS).

The allowed origin should be configured in the .env file in the app folder (app/.env).

For an application available with the URL https://my-application.internal.some-company.com/home should be edited as follows:

# Allowing '*' as origin is, generally speaking, a bad practice.
# You should not use it for deployed environment
# but change it for the public url of your Platform application.
# E.g. - WEBSOCKET_ALLOWEDORIGIN=https://www.my-gene-app
#
WEBSOCKET_ALLOWEDORIGIN=https://www.my-application.internal.some-company.com

Note:

Note that, unlike the URL, the origin is only composed from the URL scheme, host and port but does not contain path information.