From 01a407705831c71a992533e0f9b6ac93f213d091 Mon Sep 17 00:00:00 2001 From: mpv1989 Date: Fri, 31 Mar 2017 11:47:06 +0200 Subject: [PATCH] Fix links in docs --- Documentation/Books/Manual/Foxx/Cors.mdpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Documentation/Books/Manual/Foxx/Cors.mdpp b/Documentation/Books/Manual/Foxx/Cors.mdpp index 58ae7042ab..11eafb9e5c 100644 --- a/Documentation/Books/Manual/Foxx/Cors.mdpp +++ b/Documentation/Books/Manual/Foxx/Cors.mdpp @@ -1,12 +1,12 @@ Cross-Origin Resource Sharing (CORS) ==================================== -To use CORS in your Foxx services you first need to [configure ArangoDB for CORS](../../HTTP/General/#cross-origin-resource-sharing-cors-requests). As of 3.2 Foxx will then automatically whitelist all response headers as they are used. +To use CORS in your Foxx services you first need to [configure ArangoDB for CORS](../../HTTP/General/README.mdpp#cross-origin-resource-sharing-cors-requests). As of 3.2 Foxx will then automatically whitelist all response headers as they are used. If you want more control over the whitelist or are using an older version of ArangoDB you can set the following response headers in your request handler: * `access-control-expose-headers`: a comma-separated list of response headers. This defaults to a list of all headers the response is actually using (but not including any `access-control` headers). -* `access-control-allow-credentials`: can be set to `"false"` to forbid exposing cookies. The default value depends on whether ArangoDB trusts the origin. See the [notes on `http.trusted-origin`](../../HTTP/General/#cookies-and-authentication). +* `access-control-allow-credentials`: can be set to `"false"` to forbid exposing cookies. The default value depends on whether ArangoDB trusts the origin. See the [notes on `http.trusted-origin`](../../HTTP/General/README.mdpp#cookies-and-authentication). Note that it is not possible to override these headers for the CORS preflight response. It is therefore not possible to accept credentials or cookies only for individual routes, services or databases. The origin needs to be trusted according to the general ArangoDB configuration (see above).