https://github.com/temporalio/ui-server is automatically updated to mirror changes to https://github.com/temporalio/ui/tree/main/server; commits should be made to the UI repository.
For contributions follow UI's development guide https://github.com/temporalio/ui
The development server uses Air for automatic hot reloading when Go source files change. Air will be automatically installed on first run in development mode, which may take a moment.
The server supports flexible CORS configuration through YAML config files:
cors:
allowOrigins:
- "https://example.com"
- "https://app.example.com"
unsafeAllowAllOrigins: false # Default: false
cookieInsecure: falseConfiguration Options:
allowOrigins: List of explicitly allowed origins for CORS requestsunsafeAllowAllOrigins:⚠️ UNSAFE - Whentrue, allows any origin that makes a request. Only enable for development/testing environmentscookieInsecure: Allow CSRF cookies over insecure connections (useful for VPN scenarios)
Security Note: The unsafeAllowAllOrigins setting bypasses CORS security and should never be enabled in production. It dynamically allows the requesting origin, which can expose your API to cross-origin attacks.