Change a few things around for CORS header output

[quix0rs-gnu-social.git] / config.php.sample

diff --git a/config.php.sample b/config.php.sample
index 8ddac67417fd15abc83bf497ba848bbddc6e8b77..87a1977b5f589318d5ad409a6b6f30550ee7ad80 100644 (file)
--- a/config.php.sample
+++ b/config.php.sample
@@ -40,8 +40,12 @@ $config['site']['path'] = 'statusnet';
 // $config['site']['inviteonly'] = true;
 // Make the site invisible to  non-logged-in users
 // $config['site']['private'] = true;
-// Allow Cross-Origin Resource Sharing
-// $config['site']['cors'] = true;
+
+// Allow Cross-Origin Resource Sharing (CORS) for service discovery
+// (host-meta, XRD, etc.) Useful for AJAXy client applications. Should
+// probably NOT be on for private / intranet sites but OK for public sites.
+// Default is off.
+// $config['discovery']['cors'] = true;
 
 // If your web server supports X-Sendfile (Apache with mod_xsendfile,
 // lighttpd, nginx), you can enable X-Sendfile support for better