Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/dadu0699/qr-code/llms.txt

Use this file to discover all available pages before exploring further.

QR Code Generator is intentionally minimal in its configuration surface. A single environment variable, ALLOWED_ORIGINS, controls which browser origins are permitted to call the API cross-origin. Everything else — the runtime, entry point, and asset serving — is handled by the fixed settings in wrangler.jsonc. You define the variable once in the config file for local and preview use, and override it per environment in the Cloudflare dashboard for production.

Environment Variables

ALLOWED_ORIGINS
string
default:"\"\""
A comma-separated list of origins that are allowed to call the API cross-origin. Each entry must be a full origin including scheme and host (e.g. https://myapp.com). An empty string means no cross-origin requests are permitted — only same-origin requests will receive CORS headers.Example: https://myapp.com,https://staging.myapp.comDefined in wrangler.jsonc under vars. Override per environment in the Cloudflare dashboard or by adding environment-specific vars blocks in wrangler.jsonc.
If you are calling the API from a browser frontend hosted on a different origin (e.g. a separate web app or Vercel deployment), you must set ALLOWED_ORIGINS to include that origin. Leaving it empty in production will cause all cross-origin requests to be blocked by the browser, even if the API returns a valid response.

Setting the Variable in wrangler.jsonc

The vars block in wrangler.jsonc defines environment variables that are injected into the Worker at runtime. This is the primary place to configure ALLOWED_ORIGINS for local development and preview deployments.
{
  "$schema": "./node_modules/wrangler/config-schema.json",
  "name": "qr-code",
  "main": "@astrojs/cloudflare/entrypoints/server",
  "compatibility_date": "2026-04-21",
  "compatibility_flags": ["nodejs_compat"],
  "assets": { "directory": "./dist/client" },
  "env": {},
  // Comma-separated list of origins allowed to call the API cross-origin.
  // Empty = same-origin only. Override per environment (e.g. in the Cloudflare
  // dashboard) with your production domain(s), e.g. "https://qr.example.com".
  "vars": { "ALLOWED_ORIGINS": "" }
}
To allow cross-origin access during local preview, update the vars block directly:
"vars": { "ALLOWED_ORIGINS": "https://myapp.com,https://staging.myapp.com" }

Overriding in the Cloudflare Dashboard

For production deployments you should set ALLOWED_ORIGINS through the Cloudflare dashboard rather than committing origin values to source control. Variables set in the dashboard take precedence over those defined in wrangler.jsonc.
1

Open your Worker settings

In the Cloudflare dashboard, navigate to Workers & Pages, then select the qr-code worker.
2

Go to Settings → Variables and Secrets

Select the Settings tab, then scroll to the Variables and Secrets section.
3

Add or edit ALLOWED_ORIGINS

Click Add variable (or edit the existing entry), set the name to ALLOWED_ORIGINS, and enter your comma-separated list of production origins as the value.
https://myapp.com,https://staging.myapp.com
4

Save and redeploy

Click Save. The new value takes effect immediately for new Worker invocations — no redeployment is required when updating dashboard variables.

Configuration Reference

The full wrangler.jsonc configuration reference for this project:
KeyValuePurpose
nameqr-codeWorker name shown in the Cloudflare dashboard
main@astrojs/cloudflare/entrypoints/serverAstro Cloudflare adapter entry point
compatibility_date2026-04-21Workers runtime version snapshot
compatibility_flags["nodejs_compat"]Enables Node.js API compatibility
assets.directory./dist/clientDirectory for static assets served by Workers Assets
vars.ALLOWED_ORIGINS""Comma-separated CORS origin allowlist
For a detailed explanation of how ALLOWED_ORIGINS affects request handling at runtime, see the CORS guide.

Build docs developers (and LLMs) love