tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 14:05:37 +02:00
Code Issues Projects Releases Wiki Activity

Update 02_cors.md

Browse Source 
Updating docs page to reflect that CORS allowed-origins require the protocol on the front in order to function correctly.
This commit is contained in:
Joe Chenevey 2021-03-04 17:34:49 -05:00 committed by GitHub
parent 2c54a3fd2f
commit 9f9ff0151e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
docs/en/02_Developer_Guides/19_GraphQL/04_security_and_best_practices/02_cors.md
View File

@ -51,7 +51,7 @@ Once you have enabled CORS you can then control four new headers in the HTTP Res
Allow requests from one specific external domain.
```yaml
Allow-Origin: 'my.domain.com'
Allow-Origin: 'https://my.domain.com'
```
* **Multiple Domains**:
@ -60,8 +60,8 @@ Once you have enabled CORS you can then control four new headers in the HTTP Res
```yaml
Allow-Origin:
- 'my.domain.com'
- 'your.domain.org'
- 'https://my.domain.com'
- 'https://your.domain.org'
```
2. **Access-Control-Allow-Headers.**
@ -131,7 +131,7 @@ If you add extra headers to your GraphQL server, you will need to write a
SilverStripe\GraphQL\Controller:
cors:
Enabled: true
Allow-Origin: 'silverstripe.org'
Allow-Origin: 'https://silverstripe.org'
Allow-Headers: 'Authorization, Content-Type'
Allow-Methods: 'GET, POST, OPTIONS'
Allow-Credentials: 'true'