add cors section in openapi spec

pull/4113/head
Rigel Kent 2021-05-12 21:21:52 +02:00
parent c158a5faab
commit 0ae3ebb03e
No known key found for this signature in database
GPG Key ID: 5E53E96A494E452F
1 changed files with 21 additions and 6 deletions

View File

@ -66,12 +66,12 @@ info:
We are rate-limiting all endpoints of PeerTube's API. Custom values can be set by administrators: We are rate-limiting all endpoints of PeerTube's API. Custom values can be set by administrators:
| Endpoint | Calls | Time frame | | Endpoint (prefix: `/api/v1`) | Calls | Time frame |
|-------------------------|------------------|---------------------------| |------------------------------|---------------|--------------|
| `/*` | 50 | 10 seconds | | `/*` | 50 | 10 seconds |
| `POST /users/token` | 15 | 5 minutes | | `POST /users/token` | 15 | 5 minutes |
| `POST /users/register` | 2<sup>*</sup> | 5 minutes | | `POST /users/register` | 2<sup>*</sup> | 5 minutes |
| `POST /users/ask-send-verify-email` | 3 | 5 minutes | | `POST /users/ask-send-verify-email` | 3 | 5 minutes |
Depending on the endpoint, <sup>*</sup>failed requests are not taken into account. A service Depending on the endpoint, <sup>*</sup>failed requests are not taken into account. A service
limit is announced by a `429 Too Many Requests` status code. limit is announced by a `429 Too Many Requests` status code.
@ -85,6 +85,21 @@ info:
| `X-RateLimit-Remaining` | Number of remaining requests in the current time period | | `X-RateLimit-Remaining` | Number of remaining requests in the current time period |
| `X-RateLimit-Reset` | Timestamp of end of current time period as UNIX timestamp | | `X-RateLimit-Reset` | Timestamp of end of current time period as UNIX timestamp |
| `Retry-After` | Seconds to delay after the first `429` is received | | `Retry-After` | Seconds to delay after the first `429` is received |
# CORS
This API features [Cross-Origin Resource Sharing (CORS)](https://fetch.spec.whatwg.org/),
allowing cross-domain communication from the browser for some routes:
| Endpoint | Origin |
|------------------------- ---|--------|
| `/api/*` | * |
| `/download/*` | * |
| `/lazy-static/*` | * |
| `/live/segments-sha256/*` | * |
| `/.well-known/webfinger` | * |
In addition, all routes serving ActivityPub are CORS-enabled for all origins.
externalDocs: externalDocs:
url: https://docs.joinpeertube.org/api-rest-reference.html url: https://docs.joinpeertube.org/api-rest-reference.html
tags: tags: