Filip/matrix-spec
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-spec synced 2026-01-30 19:13:42 +01:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'matrix-org/master' into travis/towncrier

Browse source
This commit is contained in:
Travis Ralston 2018-07-10 08:37:52 -06:00
parent 550f95570b c79010f0d6
commit 8fe8fb9ba1
1 changed files with 19 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
specification/client_server_api.rst
View file

@ -164,6 +164,25 @@ recommended.
{{versions_cs_http_api}} {{versions_cs_http_api}}
Web Browser Clients
-------------------
It is realistic to expect that some clients will be written to be run within a
web browser or similar environment. In these cases, the homeserver should respond
to pre-flight requests and supply Cross-Origin Resource Sharing (CORS) headers on
all requests.
When a client approaches the server with a pre-flight (``OPTIONS``) request, the
server should respond with the CORS headers for that route. The recommended CORS
headers to be returned by servers on all requests are:
.. code::
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
Client Authentication Client Authentication
--------------------- ---------------------