diff --git a/docs/deprecated.md b/docs/deprecated.md index 2748dd9254..735ff4f862 100644 --- a/docs/deprecated.md +++ b/docs/deprecated.md @@ -54,7 +54,7 @@ The following table provides an overview of the current status of deprecated fea | Status | Feature | Deprecated | Remove | |------------|------------------------------------------------------------------------------------------------------------------------------------|------------|--------| | Deprecated | [Non-standard fields in image inspect](#non-standard-fields-in-image-inspect) | v27.0 | v28.0 | -| Deprecated | [API CORS headers](#api-cors-headers) | v27.0 | v28.0 | +| Removed | [API CORS headers](#api-cors-headers) | v27.0 | v28.0 | | Deprecated | [Graphdriver plugins (experimental)](#graphdriver-plugins-experimental) | v27.0 | v28.0 | | Deprecated | [Unauthenticated TCP connections](#unauthenticated-tcp-connections) | v26.0 | v28.0 | | Deprecated | [`Container` and `ContainerConfig` fields in Image inspect](#container-and-containerconfig-fields-in-image-inspect) | v25.0 | v26.0 | @@ -177,18 +177,19 @@ and a custom [snapshotter](https://github.com/containerd/containerd/tree/v1.7.18 ### API CORS headers **Deprecated in Release: v27.0** -**Target For Removal In Release: v28.0** +**Disabled by default in Release: v27.0** +**Removed in release: v28.0** The `api-cors-header` configuration option for the Docker daemon is insecure, and is therefore deprecated and scheduled for removal. Incorrectly setting this option could leave a window of opportunity for unauthenticated cross-origin requests to be accepted by the daemon. -Starting in Docker Engine v27.0, this flag can still be set, +In Docker Engine v27.0, this flag can still be set, but it has no effect unless the environment variable `DOCKERD_DEPRECATED_CORS_HEADER` is also set to a non-empty value. -This flag will be removed altogether in v28.0. +This flag has been removed altogether in v28.0. This is a breaking change for authorization plugins and other programs that depend on this option for accessing the Docker API from a browser. diff --git a/docs/reference/dockerd.md b/docs/reference/dockerd.md index bb603c9b38..5f57756e88 100644 --- a/docs/reference/dockerd.md +++ b/docs/reference/dockerd.md @@ -25,7 +25,6 @@ A self-sufficient runtime for containers. Options: --add-runtime runtime Register an additional OCI compatible runtime (default []) --allow-nondistributable-artifacts list Allow push of nondistributable artifacts to registry - --api-cors-header string Set CORS headers in the Engine API --authorization-plugin list Authorization plugins to load --bip string Specify network bridge IP -b, --bridge string Attach containers to a network bridge @@ -1074,7 +1073,6 @@ The following is a full example of the allowed configuration options on Linux: ```json { "allow-nondistributable-artifacts": [], - "api-cors-header": "", "authorization-plugins": [], "bip": "", "bridge": "", diff --git a/man/dockerd.8.md b/man/dockerd.8.md index 4f2d4b809b..3bb226a212 100644 --- a/man/dockerd.8.md +++ b/man/dockerd.8.md @@ -7,7 +7,6 @@ dockerd - Enable daemon mode **dockerd** [**--add-runtime**[=*[]*]] [**--allow-nondistributable-artifacts**[=*[]*]] -[**--api-cors-header**=[=*API-CORS-HEADER*]] [**--authorization-plugin**[=*[]*]] [**-b**|**--bridge**[=*BRIDGE*]] [**--bip**[=*BIP*]] @@ -138,10 +137,6 @@ $ sudo dockerd --add-runtime runc=runc --add-runtime custom=/usr/local/bin/my-ru artifacts to private registries and ensure that you are in compliance with any terms that cover redistributing nondistributable artifacts. -**--api-cors-header**="" - Set CORS headers in the Engine API. Default is cors disabled. Give urls like - "http://foo, http://bar, ...". Give "\*" to allow all. - **--authorization-plugin**="" Set authorization plugins to load