add cors config for claude for office

[akshaydeo]

Summary

Adds CORS configuration instructions for Claude for Office integration with Bifrost, enabling requests from the pivot.claude.ai domain.

Changes

• Added step 6 to the Bifrost configuration guide for enabling CORS
• Included instructions to add https://pivot.claude.ai to the Allowed Origins list
• Added a note indicating users can skip this step if their Allowed Origins are already set to *
• Added new image asset for Google Workspace OAuth client scope configuration

Type of change

• Bug fix
• Feature
• Refactor
• Documentation
• Chore/CI

Affected areas

• Core (Go)
• Transports (HTTP)
• Providers/Integrations
• Plugins
• UI (Next.js)
• Docs

How to test

Verify the documentation renders correctly and the CORS configuration step is clear:

1. Navigate to the Claude for Office documentation page
2. Confirm step 6 appears after the headers configuration
3. Verify the origin URL https://pivot.claude.ai is correctly formatted
4. Test that the note about skipping when origins are set to * displays properly

Screenshots/Recordings

N/A - Documentation update only

Breaking changes

• Yes
• No

Related issues

N/A

Security considerations

This change documents CORS configuration which affects cross-origin request security. Users should understand the implications of adding specific origins to their allowed list versus using wildcard origins.

Checklist

• I read docs/contributing/README.md and followed the guidelines
• I added/updated tests where appropriate
• I updated documentation where needed
• I verified builds succeed (Go and UI)
• I verified the CI pipeline passes locally if applicable

[akshaydeo]

• add cors config for claude for office #2396 👈 (View in Graphite)
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[github-actions]

🧪 Test Suite Available

This PR can be tested by a repository admin.

Run tests for PR #2396

[akshaydeo]

Merge activity

• Mar 30, 2:11 PM UTC: A user started a stack merge that includes this pull request via Graphite.
• Mar 30, 2:12 PM UTC: @akshaydeo merged this pull request with Graphite.

[greptile-apps]

Confidence Score: 5/5

Safe to merge — documentation-only change with one minor concern about an unreferenced image asset.

All findings are P2 style/cleanup. The docs change itself is correct and well-written. The only concern is a potentially orphaned image that doesn't affect functionality or correctness.

docs/media/user-provisioning/gws-scope-for-oauth-client.png — verify this image is intentionally included or remove it if added by mistake.

Important Files Changed

Filename	Overview
docs/cli-agents/claude-for-office.mdx	Adds step 6 for CORS origin configuration; follows the same pattern as the existing step 5 (allowed headers) and is clearly written with no issues.
docs/media/user-provisioning/gws-scope-for-oauth-client.png	New binary image asset added but not referenced in any documentation file in this PR; appears to be an orphaned or misplaced asset.

Comments Outside Diff (1)

1. docs/media/user-provisioning/gws-scope-for-oauth-client.png, line 1 (link)

   Orphaned image asset not referenced in any documentation

   This image (gws-scope-for-oauth-client.png) is added to the repository under docs/media/user-provisioning/ but is not referenced anywhere in the changed documentation file (claude-for-office.mdx) or, from the PR description, in any other document. The name suggests it belongs to a Google Workspace / user-provisioning guide rather than the Claude for Office setup flow.

   If this asset is intended for a separate documentation page (e.g. a user-provisioning guide for GWS), it should either be included in that page's PR or accompanied by the referencing .mdx file here. If it was added by mistake, it should be removed to avoid accumulating unused media assets.

_{Reviews (1): Last reviewed commit: "add cors config for claude for office" | Re-trigger Greptile}