7884: Clarify "credentials" comment.

author Tom Clegg <tom@curoverse.com>

Fri, 18 Dec 2015 20:40:11 +0000 (15:40 -0500)

committer Tom Clegg <tom@curoverse.com>

Fri, 18 Dec 2015 20:40:28 +0000 (15:40 -0500)
author Tom Clegg <tom@curoverse.com>
Fri, 18 Dec 2015 20:40:11 +0000 (15:40 -0500)
committer Tom Clegg <tom@curoverse.com>
Fri, 18 Dec 2015 20:40:28 +0000 (15:40 -0500)
diff --git a/services/keep-web/handler.go b/services/keep-web/handler.go

index c947a6efcd1189137afbe4debd5b4bc2c78c0921..e1b23621af8f70aa214e43639140ca23ed2784c4 100644 (file)
--- a/services/keep-web/handler.go
+++ b/services/keep-web/handler.go
@@ -101,8 +101,11 @@ func (h *handler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) {
         }
  
         if r.Header.Get("Origin") != "" {
-               // Allow simple cross-origin requests, without
-               // credentials.
+               // Allow simple cross-origin requests without user
+               // credentials ("user credentials" as defined by CORS,
+               // i.e., cookies, HTTP authentication, and client-side
+               // SSL certificates. See
+               // http://www.w3.org/TR/cors/#user-credentials).
                 w.Header().Set("Access-Control-Allow-Origin", "*")
         }
author	Tom Clegg <tom@curoverse.com>
	Fri, 18 Dec 2015 20:40:11 +0000 (15:40 -0500)
committer	Tom Clegg <tom@curoverse.com>
	Fri, 18 Dec 2015 20:40:28 +0000 (15:40 -0500)