doc: add doc for env config when site and backend are in different domains (#28318)

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2026-05-04 01:18:05 +08:00 · 2025-11-18 17:29:54 +08:00
parent 82068a6918
commit e83c7438cb
5 changed files with 16 additions and 8 deletions
--- a/web/.env.example
+++ b/web/.env.example
@ -12,6 +12,9 @@ NEXT_PUBLIC_API_PREFIX=http://localhost:5001/console/api
 # console or api domain.
 # example: http://udify.app/api
 NEXT_PUBLIC_PUBLIC_API_PREFIX=http://localhost:5001/api
+# When the frontend and backend run on different subdomains, set NEXT_PUBLIC_COOKIE_DOMAIN=1.
+NEXT_PUBLIC_COOKIE_DOMAIN=
+
 # The API PREFIX for MARKETPLACE
 NEXT_PUBLIC_MARKETPLACE_API_PREFIX=https://marketplace.dify.ai/api/v1
 # The URL for MARKETPLACE
@ -34,9 +37,6 @@ NEXT_PUBLIC_CSP_WHITELIST=
 # Default is not allow to embed into iframe to prevent Clickjacking: https://owasp.org/www-community/attacks/Clickjacking
 NEXT_PUBLIC_ALLOW_EMBED=

-# Shared cookie domain when console UI and API use different subdomains (e.g. example.com)
-NEXT_PUBLIC_COOKIE_DOMAIN=
-
 # Allow rendering unsafe URLs which have "data:" scheme.
 NEXT_PUBLIC_ALLOW_UNSAFE_DATA_SCHEME=false