@@ -484,36 +484,35 @@ X-RateLimit-Reset: 1372700873
484484
485485## Cross Origin Resource Sharing
486486
487- The API supports Cross Origin Resource Sharing (CORS) for AJAX requests.
488- you can read the [ CORS W3C working draft] ( http://www.w3.org/TR/cors ) , or
487+ The API supports Cross Origin Resource Sharing (CORS) for AJAX requests from
488+ any origin.
489+ You can read the [ CORS W3C Recommendation] ( http://www.w3.org/TR/cors ) , or
489490[ this intro] ( http://code.google.com/p/html5security/wiki/CrossOriginRequestSecurity ) from the
490491HTML 5 Security Guide.
491492
492493Here's a sample request sent from a browser hitting
493494` http://example.com ` :
494495
495- $ curl -i https://api.github.com -H "Origin: http://example.com"
496- HTTP/1.1 302 Found
497-
498- Any domain that is registered as an OAuth Application is accepted.
499- Here's a sample request for a browser hitting [ Travis CI] ( http://travis-ci.org/ ) :
500-
501- $ curl -i https://api.github.com -H "Origin: http://travis-ci.org"
502- HTTP/1.1 302 Found
503- Access-Control-Allow-Origin: *
504- Access-Control-Expose-Headers: ETag, Link, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes
505- Access-Control-Allow-Credentials: true
496+ <pre class =" terminal " >
497+ $ curl -i https://api.github.com -H "Origin: http://example.com"
498+ HTTP/1.1 302 Found
499+ Access-Control-Allow-Origin: *
500+ Access-Control-Expose-Headers: ETag, Link, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval
501+ Access-Control-Allow-Credentials: true
502+ </pre >
506503
507504This is what the CORS preflight request looks like:
508505
509- $ curl -i https://api.github.com -H "Origin: http://travis-ci.org" -X OPTIONS
510- HTTP/1.1 204 No Content
511- Access-Control-Allow-Origin: *
512- Access-Control-Allow-Headers: Authorization, Content-Type, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, X-Requested-With
513- Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE
514- Access-Control-Expose-Headers: ETag, Link, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes
515- Access-Control-Max-Age: 86400
516- Access-Control-Allow-Credentials: true
506+ <pre class =" terminal " >
507+ $ curl -i https://api.github.com -H "Origin: http://example.com" -X OPTIONS
508+ HTTP/1.1 204 No Content
509+ Access-Control-Allow-Origin: *
510+ Access-Control-Allow-Headers: Authorization, Content-Type, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, X-GitHub-OTP, X-Requested-With
511+ Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE
512+ Access-Control-Expose-Headers: ETag, Link, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval
513+ Access-Control-Max-Age: 86400
514+ Access-Control-Allow-Credentials: true
515+ </pre >
517516
518517## JSON-P Callbacks
519518
0 commit comments