From 3b021818504986d66055a22e1e69150c61eff6a0 Mon Sep 17 00:00:00 2001
From: Jochen Topf <jochen@topf.org>
Date: Thu, 9 Oct 2014 09:33:40 +0200
Subject: Add config setting for CORS header.

The response header Access-Control-Allow-Origin was always set to '*' for API
URLs. This is creating some problems with Apache (see
https://github.com/openstreetmap/iD/issues/2333), so it is now configurable.
The value of the new config setting "instance.access_control_allow_origin" is
used for that header now, or, if the variable is empty, the header is not set
at all.
---
 taginfo-config-example.json | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'taginfo-config-example.json')

diff --git a/taginfo-config-example.json b/taginfo-config-example.json
index c2c0264..d72b224 100644
--- a/taginfo-config-example.json
+++ b/taginfo-config-example.json
@@ -16,7 +16,12 @@
         // Contact name and email address.
         "contact": "Anonymous",
         // Geographical area this taginfo instance covers.
-        "area": "World"
+        "area": "World",
+        // Add CORS header Access-Control-Allow-Origin with the given value
+        // to all /api responses. Use "" to not set this header, disallowing
+        // external services to use your API from a browser. Set to "*" to
+        // allow anybody.
+        "access_control_allow_origin": "*"
     },
     // For the geodistribution map. See the wiki documentation about these settings.
     "geodistribution": {
-- 
cgit v1.2.3