Skip to content

Cors

CORS

This whole section is only necessary in cross-origin cases (where you multiple bot API's running on localhost:8081, localhost:8082, ...), and want to combine them into one FreqUI instance.

Technical explanation

All web-based front-ends are subject to CORS - Cross-Origin Resource Sharing. Since most of the requests to the Freqtrade API must be authenticated, a proper CORS policy is key to avoid security problems. Also, the standard disallows * CORS policies for requests with credentials, so this setting must be set appropriately.

Users can allow access from different origin URL's to the bot API via the CORS_origins configuration setting. It consists of a list of allowed URL's that are allowed to consume resources from the bot's API.

Assuming your application is deployed as https://frequi.freqtrade.io/home/ - this would mean that the following configuration becomes necessary:

{
    //...
    "jwt_secret_key": "somethingrandom",
    "CORS_origins": ["https://frequi.freqtrade.io"],
    //...
}

In the following (pretty common) case, FreqUI is accessible on http://localhost:8080/trade (this is what you see in your navbar when navigating to freqUI). freqUI url

The correct configuration for this case is http://localhost:8080 - the main part of the URL including the port.

{
    //...
    "jwt_secret_key": "somethingrandom",
    "CORS_origins": ["http://localhost:8080"],
    //...
}

trailing Slash

The trailing slash is not allowed in the CORS_origins configuration (e.g. "http://localhots:8080/"). Such a configuration will not take effect, and the cors errors will remain.

Note

We strongly recommend to also set jwt_secret_key to something random and known only to yourself to avoid unauthorized access to your bot.