X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/1f1991b4824272e9b5a4b37eee6931e6519f8bdf..1293a55ede38d16119b04a6584ca9da143ea3725:/services/keep-web/handler.go

diff --git a/services/keep-web/handler.go b/services/keep-web/handler.go
index c947a6efcd..e1b23621af 100644
--- a/services/keep-web/handler.go
+++ b/services/keep-web/handler.go
@@ -101,8 +101,11 @@ func (h *handler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) {
 	}
 
 	if r.Header.Get("Origin") != "" {
-		// Allow simple cross-origin requests, without
-		// credentials.
+		// Allow simple cross-origin requests without user
+		// credentials ("user credentials" as defined by CORS,
+		// i.e., cookies, HTTP authentication, and client-side
+		// SSL certificates. See
+		// http://www.w3.org/TR/cors/#user-credentials).
 		w.Header().Set("Access-Control-Allow-Origin", "*")
 	}