From 81bf9a9f3cc5b30107a6b1adeee39d5e8312ecfc Mon Sep 17 00:00:00 2001 From: Simon Willison Date: Thu, 14 Oct 2021 12:19:03 -0700 Subject: [PATCH] Updated --cors documentation, refs #1467 --- docs/json_api.rst | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/json_api.rst b/docs/json_api.rst index 09cac1f9e5..7d3123b743 100644 --- a/docs/json_api.rst +++ b/docs/json_api.rst @@ -10,9 +10,10 @@ To access the API for a page, either click on the ``.json`` link on that page or edit the URL and add a ``.json`` extension to it. If you started Datasette with the ``--cors`` option, each JSON endpoint will be -served with the following additional HTTP header:: +served with the following additional HTTP headers:: Access-Control-Allow-Origin: * + Access-Control-Allow-Headers: Authorization This means JavaScript running on any domain will be able to make cross-origin requests to fetch the data.