Limitation: DHCP-Managed Hosts and SECURITY_ORIGIN Configuration in WebAPI #48
Description
One of environment variable SECURITY_ORIGIN in OHDSI/WebAPI is related to CORS was designed for static value to reach address of its WebAPI from ATLAS. (as code below)
The default value is pointing directly to localhost or 127.0.0.1 for single machine working purpose and will occur an error when using another machine in the network, to fix this problem the value of SECURITY_ORIGIN should be "the actual IP address of WebAPI host machine" but this limitation would not possible when host machine cannot be assigned with dedicate IP address, or have to re-obtain DHCP every fixed period of time.
Note: Screenshot from non-host machine when test with same LAN network with host machine.
Current approach would be disable SECURITY_CORS_ENABLED but may not recommended.