@subrata71 subrata71 commented Nov 28, 2025

Description

  • Add new Security section to environment-variables.md
  • Document APPSMITH_BASE_URL for Origin header validation
  • Explain protection against account takeover attacks
  • Include configuration options (Admin Settings UI and env var)
  • Add backward compatibility notes and recommendations

This addresses the account takeover vulnerability by documenting the Origin header validation feature for password reset and email verification requests.

Related PRs:
https://github.com/appsmithorg/appsmith-ee/pull/8448
appsmithorg/appsmith#41426

Pull request type

Check the appropriate box:

  • Review Fixes
  • Documentation Overhaul
  • Feature/Story
    • Link one or more Engineering Tickets
      *
  • A-Force
  • Error in documentation
  • Maintenance

Documentation tickets

Link to one or more documentation tickets:

Checklist

From the below options, select the ones that are applicable:

  • Checked for Grammarly suggestions.
  • Adhered to the writing checklist.
  • Adhered to the media checklist.
  • Verified and updated cross-references or added redirect rules.
  • Tested the redirect rules on deploy preview.
  • Validated the modifications made to the content on the deploy preview.
  • Validated the CSS modifications on different screen sizes.

- Add new Security section to environment-variables.md
- Document APPSMITH_BASE_URL for Origin header validation
- Explain protection against account takeover attacks
- Include configuration options (Admin Settings UI and env var)
- Add backward compatibility notes and recommendations

This addresses the account takeover vulnerability by documenting
the Origin header validation feature for password reset and
email verification requests.

vercel bot commented Nov 28, 2025

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Preview Comments Updated (UTC)
appsmith-docs Ready Ready Preview Comment Nov 28, 2025 5:39am


@tomjose92 tomjose92 left a comment

LGTM

@subrata71 subrata71 merged commit f158fa8 into main Nov 28, 2025
5 checks passed