From 2711913daac645dc1960074d6c5121c8fb49b772 Mon Sep 17 00:00:00 2001
From: Adrian Teng <adrian@teng.io>
Date: Wed, 17 Dec 2014 00:06:27 +0000
Subject: Add documentation on handling CORS pre-flights

---
 docs/narr/webob.rst | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'docs')

diff --git a/docs/narr/webob.rst b/docs/narr/webob.rst
index 6a331e4bf..7d459a1f5 100644
--- a/docs/narr/webob.rst
+++ b/docs/narr/webob.rst
@@ -310,6 +310,10 @@ Python's ``urllib2`` instead of a Javascript AJAX request:
     req = urllib2.Request('http://localhost:6543/', json_payload, headers)
     resp = urllib2.urlopen(req)
 
+If you are doing Cross-origin resource sharing (CORS), then the standard requires the browser to do a pre-flight HTTP OPTIONS request. The easiest way to handling this is adding an extra ``view_config`` for the same route, with ``request_method`` set to ``OPTIONS``, and setting the desired response header before returning. You can find examples of response headers here_.
+
+.. _here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Preflighted_requests
+
 .. index::
    single: cleaning up after request
 
-- 
cgit v1.2.3