Document the CORS/preflight headers

Fixes https://github.com/matrix-org/matrix-doc/issues/1006
pull/977/head
Travis Ralston 6 years ago
parent 26a62bc07f
commit 4ca54404fa

@ -164,6 +164,26 @@ recommended.
{{versions_cs_http_api}}
Web Browser Clients
-------------------
It is realistic to expect that some clients will be written to be run within a
web browser or similar environment. In these cases, the homeserver should respond
to pre-flight requests and supply Cross-Origin Resource Sharing (CORS) headers.
When a client approaches the server with a pre-flight (``OPTIONS``) request, the
server should respond with the CORS headers for that route. If the route does not
exist, the server should return an ``M_NOT_FOUND`` error with a 404 status code.
The standard CORS headers to be returned by servers on all requests are:
.. code::
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
Client Authentication
---------------------

Loading…
Cancel
Save