Ruben Fiszel

@kosborn feature request makes sense and will be implemented. But a simple way to achieve this is to create a virtual user with just the right amount of read rights....

@fatonramadani this can be complementary to the new `password` field option. When the schema form is used in the context of the new run page and a field is secret,...

Done, every string input marked as a password input now behaves as explained above:  meaning only the caller can see it

THank you for the issue. We set CORS at the cloudfront level so what applies to app.windmill.dev might be cloud specific. Let me dig into this more

@u12206050 One possibility that would unblock you immediately is to use a cloudflare worker function as a proxy. We use one ourselve for our preview environment: https://github.com/windmill-labs/windmill/blob/main/functions/api/%5B%5Bpath%5D%5D.ts It will be...

We're happy to manage it for you in one of our enterprise plan.

Right now we explicitely do not want to enable cors to run scripts and flows from app.windmill.dev because there are too many ways this could be hijacked as exploit (it...

THat's the source but the target is our cloud solution or a self-hosted ? If self-hosted, then it should be possible to disable CORS for running scripts and flows. Have...

It's the exact opposite, we do not want ppl with arbitrary domain to be able to run arbitrary scripts and flows at app.windmill.dev from the browsers. There are too many...

An example of exploit: Right now, with cors disabled, if someone were to lure me in, on an innocent page, with some javascript that are targeting any workspace script, given...