Update 02_cors.md

Updating docs page to reflect that CORS allowed-origins require the protocol on the front in order to function correctly.
This commit is contained in:
Joe Chenevey 2021-03-04 17:34:49 -05:00 committed by GitHub
parent 2c54a3fd2f
commit 9f9ff0151e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -51,7 +51,7 @@ Once you have enabled CORS you can then control four new headers in the HTTP Res
Allow requests from one specific external domain. Allow requests from one specific external domain.
```yaml ```yaml
Allow-Origin: 'my.domain.com' Allow-Origin: 'https://my.domain.com'
``` ```
* **Multiple Domains**: * **Multiple Domains**:
@ -60,8 +60,8 @@ Once you have enabled CORS you can then control four new headers in the HTTP Res
```yaml ```yaml
Allow-Origin: Allow-Origin:
- 'my.domain.com' - 'https://my.domain.com'
- 'your.domain.org' - 'https://your.domain.org'
``` ```
2. **Access-Control-Allow-Headers.** 2. **Access-Control-Allow-Headers.**
@ -131,7 +131,7 @@ If you add extra headers to your GraphQL server, you will need to write a
SilverStripe\GraphQL\Controller: SilverStripe\GraphQL\Controller:
cors: cors:
Enabled: true Enabled: true
Allow-Origin: 'silverstripe.org' Allow-Origin: 'https://silverstripe.org'
Allow-Headers: 'Authorization, Content-Type' Allow-Headers: 'Authorization, Content-Type'
Allow-Methods: 'GET, POST, OPTIONS' Allow-Methods: 'GET, POST, OPTIONS'
Allow-Credentials: 'true' Allow-Credentials: 'true'