docs: sync from backend 19f7eb9, frontend 60ee6fb — Task #10 AML screening
This commit is contained in:
@@ -12,13 +12,13 @@ This page is the entry point for the API. See the individual service pages for e
|
||||
- [[Authentication API]] - register/login/passkeys/Google OAuth
|
||||
- [[User API]] - profile, wallet, admin user management
|
||||
- [[Marketplace API]] - purchase requests, seller offers, templates, shop, reviews
|
||||
- [[Payment API]] - SHKeeper, Web3, DePay, payouts
|
||||
- [[Payment API]] - Request Network, in-house checkout, ledger-gated release/refund
|
||||
- [[Chat API]] - conversations and messages
|
||||
- [[Notification API]] - in-app notifications
|
||||
- [[Dispute API]] - dispute resolution *(planned, not yet implemented)*
|
||||
- [[Blog API]] - blog posts *(planned, not yet implemented)*
|
||||
- [[Admin API]] - user management, data cleanup *(planned, not yet implemented)*
|
||||
- [[Points API]] - loyalty points, levels, referrals *(planned, not yet implemented)*
|
||||
- [[Dispute API]] - dispute creation, assignment, evidence, resolution
|
||||
- [[Blog API]] - blog posts
|
||||
- [[Admin API]] - user management, data cleanup, RN/admin payment settings
|
||||
- [[Points API]] - loyalty points, levels, referrals
|
||||
- [[AI API]] - OpenAI-backed text endpoints
|
||||
- [[File API]] - upload, delete, serve
|
||||
- [[Socket Events]] - real-time events
|
||||
@@ -157,7 +157,7 @@ cors({
|
||||
})
|
||||
```
|
||||
|
||||
Only the configured `FRONTEND_URL` may make cross-origin requests with credentials. The SHKeeper configuration endpoint (`GET /api/payment/shkeeper/config`) overrides this with `Access-Control-Allow-Origin: *` because it is consumed by the SHKeeper payment widget hosted on another domain.
|
||||
Only the configured `FRONTEND_URL` may make cross-origin requests with credentials. Provider webhooks and Telegram bot webhooks are server-to-server entrypoints and should be exempted through explicit route handling, not broad browser CORS.
|
||||
|
||||
Uploaded files served from `/uploads/*` use `helmet({ crossOriginResourcePolicy: { policy: "cross-origin" } })` so they can be embedded from the frontend domain.
|
||||
|
||||
|
||||
Reference in New Issue
Block a user