Merge branch 'AdrianTeng-master'

2 files changed, 9 insertions, 1 deletions

diff --git a/docs/conf.py b/docs/conf.py
index 4bc8e2172..fa4578275 100644
--- a/docs/conf.py
+++ b/docs/conf.py
@@ -74,7 +74,7 @@ intersphinx_mapping = {
         'http://docs.pylonsproject.org/projects/deform/en/latest',
     None),
     'sqla': ('http://docs.sqlalchemy.org/en/latest', None),
-    'who': ('http://docs.repoze.org/who/latest', None),
+    'who': ('http://repozewho.readthedocs.org/en/latest', None),
     'python': ('http://docs.python.org', None),
     'python3': ('http://docs.python.org/3', None),
     'tstring':
diff --git a/docs/narr/webob.rst b/docs/narr/webob.rst
index 6a331e4bf..0eb070b06 100644
--- a/docs/narr/webob.rst
+++ b/docs/narr/webob.rst
@@ -310,6 +310,14 @@ Python's ``urllib2`` instead of a Javascript AJAX request:
     req = urllib2.Request('http://localhost:6543/', json_payload, headers)
     resp = urllib2.urlopen(req)
 
+If you are doing Cross-origin resource sharing (CORS), then the standard
+requires the browser to do a pre-flight HTTP OPTIONS request. The easiest way
+to handling this is adding an extra ``view_config`` for the same route, with
+``request_method`` set to ``OPTIONS``, and setting the desired response header
+before returning. You can find examples of response headers here_.
+
+.. _here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Preflighted_requests
+
 .. index::
    single: cleaning up after request