mirror of
https://github.com/bytedance/deer-flow.git
synced 2026-05-13 12:13:46 +00:00
c3bc6c7cd5
* fix(nginx): defer cors to gateway allowlist Remove proxy-level wildcard CORS handling so browser origins are controlled by the Gateway allowlist and stay aligned with CSRF origin checks. * docs: document gateway cors allowlist Clarify that same-origin nginx access needs no CORS headers while split-origin or port-forwarded browser clients must opt in with GATEWAY_CORS_ORIGINS. * docs(gateway): record cors source of truth Document that Gateway CORSMiddleware and CSRFMiddleware share GATEWAY_CORS_ORIGINS as the split-origin source of truth. * fix(gateway): align cors origin normalization * docs: clarify gateway langgraph routing * docs(gateway): update runtime routing note
63 lines
2.6 KiB
Plaintext
63 lines
2.6 KiB
Plaintext
# Serper API Key (Google Search) - https://serper.dev
|
|
SERPER_API_KEY=your-serper-api-key
|
|
|
|
# TAVILY API Key
|
|
TAVILY_API_KEY=your-tavily-api-key
|
|
|
|
# Jina API Key
|
|
JINA_API_KEY=your-jina-api-key
|
|
|
|
# InfoQuest API Key
|
|
INFOQUEST_API_KEY=your-infoquest-api-key
|
|
# Browser CORS allowlist for split-origin or port-forwarded deployments (comma-separated exact origins).
|
|
# Leave unset when using the unified nginx endpoint, e.g. http://localhost:2026.
|
|
# GATEWAY_CORS_ORIGINS=http://localhost:3000,http://127.0.0.1:3000
|
|
|
|
# Optional:
|
|
# FIRECRAWL_API_KEY=your-firecrawl-api-key
|
|
# VOLCENGINE_API_KEY=your-volcengine-api-key
|
|
# OPENAI_API_KEY=your-openai-api-key
|
|
# GEMINI_API_KEY=your-gemini-api-key
|
|
# DEEPSEEK_API_KEY=your-deepseek-api-key
|
|
# NOVITA_API_KEY=your-novita-api-key # OpenAI-compatible, see https://novita.ai
|
|
# MINIMAX_API_KEY=your-minimax-api-key # OpenAI-compatible, see https://platform.minimax.io
|
|
# VLLM_API_KEY=your-vllm-api-key # OpenAI-compatible
|
|
# FEISHU_APP_ID=your-feishu-app-id
|
|
# FEISHU_APP_SECRET=your-feishu-app-secret
|
|
|
|
# SLACK_BOT_TOKEN=your-slack-bot-token
|
|
# SLACK_APP_TOKEN=your-slack-app-token
|
|
# TELEGRAM_BOT_TOKEN=your-telegram-bot-token
|
|
# DISCORD_BOT_TOKEN=your-discord-bot-token
|
|
|
|
# Enable LangSmith to monitor and debug your LLM calls, agent runs, and tool executions.
|
|
# LANGSMITH_TRACING=true
|
|
# LANGSMITH_ENDPOINT=https://api.smith.langchain.com
|
|
# LANGSMITH_API_KEY=your-langsmith-api-key
|
|
# LANGSMITH_PROJECT=your-langsmith-project
|
|
|
|
# GitHub API Token
|
|
# GITHUB_TOKEN=your-github-token
|
|
|
|
# Database (only needed when config.yaml has database.backend: postgres)
|
|
# DATABASE_URL=postgresql://deerflow:password@localhost:5432/deerflow
|
|
#
|
|
# WECOM_BOT_ID=your-wecom-bot-id
|
|
# WECOM_BOT_SECRET=your-wecom-bot-secret
|
|
# DINGTALK_CLIENT_ID=your-dingtalk-client-id
|
|
# DINGTALK_CLIENT_SECRET=your-dingtalk-client-secret
|
|
|
|
# Set to "false" to disable Swagger UI, ReDoc, and OpenAPI schema in production
|
|
# GATEWAY_ENABLE_DOCS=false
|
|
|
|
# ── Frontend SSR → Gateway wiring ─────────────────────────────────────────────
|
|
# The Next.js server uses these to reach the Gateway during SSR (auth checks,
|
|
# /api/* rewrites). They default to localhost values that match `make dev` and
|
|
# `make start`, so most local users do not need to set them.
|
|
#
|
|
# Override only when the Gateway is not on localhost:8001 (e.g. when the
|
|
# frontend and gateway run on different hosts, in containers with a service
|
|
# alias, or behind a different port). docker-compose already sets these.
|
|
# DEER_FLOW_INTERNAL_GATEWAY_BASE_URL=http://localhost:8001
|
|
# DEER_FLOW_TRUSTED_ORIGINS=http://localhost:3000,http://localhost:2026
|