N
Novu•6mo ago
Prateek Sharma

Define origins in access-control-allow-origin header for in-app notifications

Hello, We have a react frontend and we are using the Novu notification plugin and initializing using the url: https://api.novu.co/v1/widgets/session/initialize with applicationIdentifier. In the response header, we are getting access-control-allow-origin: *. Is there a way we can update it to a specific set of origins in the Novu manage platform ?
6 Replies
Ask Inkeep
Ask Inkeep•6mo ago
Hi @Prateek Sharma, I'm an AI assistant for Novu. While a team member reviews this question, I'll see if I can find relevant sources for your question. ----------------------------- While I generate an answer, here are some sources that might be helpful: * Vue * Object Storage (S3, Blob, GCS) * How to Add Digest to In-App Notifications * API Reference ----------------------------- Answer Sorry, I wasn't able to find any information about your question. Please click on the "Ask for help" button to tag a team member to review your question. Got it. Tagging @Support for additional help.
Pawan Jain
Pawan Jain•6mo ago
@Prateek Sharma Would you like to share your usecase with this request?
Prateek Sharma
Prateek SharmaOP•6mo ago
Hello Pawan. We are currently getting VAPT done for our SOC2 certification. In the findings, we were shared a finding that the response header for access origin returns * on calling api.novu.co from out frontend. This is the remediation we were shared: The cross-domain policy published in this application allows access from any i.e. it appears to be overly permissive.Review the domains that are allowed by the cross-domain policy and determine whether it is appropriate for the application to trust the domains and their contents
Pawan Jain
Pawan Jain•6mo ago
@Prateek Sharma Thanks for sharing. Sharing with team to take a look 🙂 @Dima Grossman can you please take a look at this?
Prateek Sharma
Prateek SharmaOP•5mo ago
Hello @Pawan Jain @Dima Grossman . Is there any update on this ? Thank you!
Pawan Jain
Pawan Jain•5mo ago
@Prateek Sharma I shared your requirements with team Currently we don't support this feature. We are working on notification center restructuring. we have added this into our backlog and will take a look after initial launch after restructuring
Want results from more Discord servers?
Add your server