From 9f9ff0151e6628e4a1abe42babaa6fcb7c8211b6 Mon Sep 17 00:00:00 2001 From: Joe Chenevey Date: Thu, 4 Mar 2021 17:34:49 -0500 Subject: [PATCH] Update 02_cors.md Updating docs page to reflect that CORS allowed-origins require the protocol on the front in order to function correctly. --- .../19_GraphQL/04_security_and_best_practices/02_cors.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/en/02_Developer_Guides/19_GraphQL/04_security_and_best_practices/02_cors.md b/docs/en/02_Developer_Guides/19_GraphQL/04_security_and_best_practices/02_cors.md index b1f33307c..ca6dc6a62 100644 --- a/docs/en/02_Developer_Guides/19_GraphQL/04_security_and_best_practices/02_cors.md +++ b/docs/en/02_Developer_Guides/19_GraphQL/04_security_and_best_practices/02_cors.md @@ -51,7 +51,7 @@ Once you have enabled CORS you can then control four new headers in the HTTP Res Allow requests from one specific external domain. ```yaml - Allow-Origin: 'my.domain.com' + Allow-Origin: 'https://my.domain.com' ``` * **Multiple Domains**: @@ -60,8 +60,8 @@ Once you have enabled CORS you can then control four new headers in the HTTP Res ```yaml Allow-Origin: - - 'my.domain.com' - - 'your.domain.org' + - 'https://my.domain.com' + - 'https://your.domain.org' ``` 2. **Access-Control-Allow-Headers.** @@ -131,7 +131,7 @@ If you add extra headers to your GraphQL server, you will need to write a SilverStripe\GraphQL\Controller: cors: Enabled: true - Allow-Origin: 'silverstripe.org' + Allow-Origin: 'https://silverstripe.org' Allow-Headers: 'Authorization, Content-Type' Allow-Methods: 'GET, POST, OPTIONS' Allow-Credentials: 'true'