Add CORS support to GET requests

author: Nick Thomas <nick@gitlab.com> 2017-06-14 20:11:56 +0300
committer: Nick Thomas <nick@gitlab.com> 2017-06-15 19:40:43 +0300
commit: 3e4c8c7c8fd519cfba327cced38c81756dba816d (patch)
tree: afaec1709558457705e1230239792f2ddb4dfe2c /README.md
parent: d7de6b25b36ae245c9befdd09162a169b9d28651 (diff)
1 files changed, 12 insertions, 0 deletions
diff --git a/README.md b/README.md
index a4fed1e7..c453095d 100644
--- a/README.md
+++ b/README.md
@@ -90,6 +90,18 @@ Example:
 ./gitlab-pages -listen-http ":8090" -metrics-address ":9235" -pages-root path/to/gitlab/shared/pages -pages-domain example.com
 ```
 
+### Cross-origin requests
+
+GitLab Pages defaults to allowing cross-origin requests for any resource it
+serves. This can be disabled globally by passing `-disable-cross-origin-requests`
+when starting the daemon.
+
+Having cross-origin requests enabled allows third-party websites to make use of
+files stored on the Pages server, which allows various third-party integrations
+to work. However, if it's running on a private network, this may allow websites
+on the public Internet to access its contents *via* your user's browsers -
+assuming they know the URL beforehand.
+
 ### License
 
 MIT
author	Nick Thomas <nick@gitlab.com>	2017-06-14 20:11:56 +0300
committer	Nick Thomas <nick@gitlab.com>	2017-06-15 19:40:43 +0300
commit	3e4c8c7c8fd519cfba327cced38c81756dba816d (patch)
tree	afaec1709558457705e1230239792f2ddb4dfe2c /README.md
parent	d7de6b25b36ae245c9befdd09162a169b9d28651 (diff)