Summary
crates/tui/src/runtime_api.rs hardcodes the CORS allowed-origins list. The whalescale UI hits this when developing against a Vite dev server on a non-default port and has to manually pin Vite to port 1420 as a workaround.
Proposal
Add config knob (config.toml [runtime_api] cors_origins = ["..."] and/or env override DEEPSEEK_RUNTIME_CORS_ORIGINS). Defaults stay as today (localhost:7878 + the documented dev origins). When set, the CORS layer in runtime_api.rs uses the configured list.
Tracks
- whalescale#255 — CORS allowlist hardcoded port (workaround: Vite on 1420)
- Umbrella: whalescale#228
Acceptance
- New config field + env override documented in
config.example.toml and docs/RUNTIME_API.md.
- Default behavior unchanged.
- Whalescale UI confirms it can run on any local port without daemon recompile.
Summary
crates/tui/src/runtime_api.rshardcodes the CORS allowed-origins list. The whalescale UI hits this when developing against a Vite dev server on a non-default port and has to manually pin Vite to port 1420 as a workaround.Proposal
Add config knob (config.toml
[runtime_api] cors_origins = ["..."]and/or env overrideDEEPSEEK_RUNTIME_CORS_ORIGINS). Defaults stay as today (localhost:7878 + the documented dev origins). When set, the CORS layer inruntime_api.rsuses the configured list.Tracks
Acceptance
config.example.tomlanddocs/RUNTIME_API.md.