andpp/mopidy
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

docs: improve http/allowed_origins (Fixes #1719).

Browse Source 
Be explicitly that should not include the scheme or default ports and given an example.
This commit is contained in:
Nick Steel 2018-10-29 11:26:26 +00:00 committed by GitHub
parent 9a7adc280f
commit 2a8375a947
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
docs/ext/http.rst
View File

@ -103,13 +103,16 @@ See :ref:`config` for general help on configuring Mopidy.
A list of domains allowed to perform Cross-Origin Resource Sharing (CORS) A list of domains allowed to perform Cross-Origin Resource Sharing (CORS)
requests. This applies to both JSON-RPC and WebSocket requests. Values requests. This applies to both JSON-RPC and WebSocket requests. Values
should be in the format ``hostname:port`` and separated by either a comma or should be in the format ``hostname:port``, should not specify any scheme and
newline. be separated by either a comma or newline. Additionally, the ``port`` should
not be specified if it is the default (80 for http, 443 for https).
Same-origin requests (i.e. requests from Mopidy's web server) are always Same-origin requests (i.e. requests from Mopidy's web server) are always
allowed and so you don't need an entry for those. However, if your requests allowed and so you don't need an entry for those. However, if your requests
originate from a different web server, you will need to add an entry for originate from a different web server, you will need to add an entry for
that server in this list. that server in this list. For example, to allow requests from a web server
at 'http://www.my.web-client.com' you would specify the entry
'www.my.web-client.com'.
.. confval:: http/csrf_protection .. confval:: http/csrf_protection