Adding doc for bug 3297.

This commit is contained in:
emilienbondu 2017-02-21 14:51:19 +01:00
parent cf85fc18e8
commit 5f090598ea

View file

@ -17,6 +17,7 @@ This is what one might look like:
"enable-cors" : true,
"cors-max-age" : 1000,
"cors-allowed-methods" : "POST, PUT, DELETE, GET",
"cors-exposed-headers" : "WWW-Authenticate, My-custom-exposed-Header",
"bearer-only" : false,
"enable-basic-auth" : false,
"expose-token" : true,
@ -103,6 +104,12 @@ cors-allowed-headers::
This is _OPTIONAL_.
If not set, this header is not returned in CORS responses.
cors-exposed-headers::
If CORS is enabled, this sets the value of the `Access-Control-Expose-Headers` header.
This should be a comma-separated string.
This is _OPTIONAL_.
If not set, this header is not returned in CORS responses.
bearer-only::
This should be set to _true_ for services. If enabled the adapter will not attempt to authenticate users, but only verify bearer tokens.
This is _OPTIONAL_.