Skip to content

Commit

Permalink
Merge pull request #5437 from thaJeztah/remove_deprecated_cors_headers
Browse files Browse the repository at this point in the history
docs, man: dockerd: remove --api-cors-header (deprecated)
  • Loading branch information
laurazard authored Sep 16, 2024
2 parents ccc87eb + 1a0e320 commit 7b63045
Show file tree
Hide file tree
Showing 3 changed files with 5 additions and 11 deletions.
9 changes: 5 additions & 4 deletions docs/deprecated.md
Original file line number Diff line number Diff line change
Expand Up @@ -54,7 +54,7 @@ The following table provides an overview of the current status of deprecated fea
| Status | Feature | Deprecated | Remove |
|------------|------------------------------------------------------------------------------------------------------------------------------------|------------|--------|
| Deprecated | [Non-standard fields in image inspect](#non-standard-fields-in-image-inspect) | v27.0 | v28.0 |
| Deprecated | [API CORS headers](#api-cors-headers) | v27.0 | v28.0 |
| Removed | [API CORS headers](#api-cors-headers) | v27.0 | v28.0 |
| Deprecated | [Graphdriver plugins (experimental)](#graphdriver-plugins-experimental) | v27.0 | v28.0 |
| Deprecated | [Unauthenticated TCP connections](#unauthenticated-tcp-connections) | v26.0 | v28.0 |
| Deprecated | [`Container` and `ContainerConfig` fields in Image inspect](#container-and-containerconfig-fields-in-image-inspect) | v25.0 | v26.0 |
Expand Down Expand Up @@ -177,18 +177,19 @@ and a custom [snapshotter](https://github.com/containerd/containerd/tree/v1.7.18
### API CORS headers

**Deprecated in Release: v27.0**
**Target For Removal In Release: v28.0**
**Disabled by default in Release: v27.0**
**Removed in release: v28.0**

The `api-cors-header` configuration option for the Docker daemon is insecure,
and is therefore deprecated and scheduled for removal.
Incorrectly setting this option could leave a window of opportunity
for unauthenticated cross-origin requests to be accepted by the daemon.

Starting in Docker Engine v27.0, this flag can still be set,
In Docker Engine v27.0, this flag can still be set,
but it has no effect unless the environment variable
`DOCKERD_DEPRECATED_CORS_HEADER` is also set to a non-empty value.

This flag will be removed altogether in v28.0.
This flag has been removed altogether in v28.0.

This is a breaking change for authorization plugins and other programs
that depend on this option for accessing the Docker API from a browser.
Expand Down
2 changes: 0 additions & 2 deletions docs/reference/dockerd.md
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,6 @@ A self-sufficient runtime for containers.
Options:
--add-runtime runtime Register an additional OCI compatible runtime (default [])
--allow-nondistributable-artifacts list Allow push of nondistributable artifacts to registry
--api-cors-header string Set CORS headers in the Engine API
--authorization-plugin list Authorization plugins to load
--bip string Specify network bridge IP
-b, --bridge string Attach containers to a network bridge
Expand Down Expand Up @@ -1074,7 +1073,6 @@ The following is a full example of the allowed configuration options on Linux:
```json
{
"allow-nondistributable-artifacts": [],
"api-cors-header": "",
"authorization-plugins": [],
"bip": "",
"bridge": "",
Expand Down
5 changes: 0 additions & 5 deletions man/dockerd.8.md
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,6 @@ dockerd - Enable daemon mode
**dockerd**
[**--add-runtime**[=*[]*]]
[**--allow-nondistributable-artifacts**[=*[]*]]
[**--api-cors-header**=[=*API-CORS-HEADER*]]
[**--authorization-plugin**[=*[]*]]
[**-b**|**--bridge**[=*BRIDGE*]]
[**--bip**[=*BIP*]]
Expand Down Expand Up @@ -138,10 +137,6 @@ $ sudo dockerd --add-runtime runc=runc --add-runtime custom=/usr/local/bin/my-ru
artifacts to private registries and ensure that you are in compliance with
any terms that cover redistributing nondistributable artifacts.

**--api-cors-header**=""
Set CORS headers in the Engine API. Default is cors disabled. Give urls like
"http://foo, http://bar, ...". Give "\*" to allow all.

**--authorization-plugin**=""
Set authorization plugins to load

Expand Down

0 comments on commit 7b63045

Please sign in to comment.