Additional CORS headers settings, added earlier. In progress.

1 files changed, 10 insertions, 0 deletions

diff --git a/snap-src/bin/wekan-help b/snap-src/bin/wekan-help
index 642b6b5f..f8509d4c 100755
--- a/snap-src/bin/wekan-help
+++ b/snap-src/bin/wekan-help
@@ -68,6 +68,16 @@ echo -e "\t$ snap set $SNAP_NAME cors='*'"
 echo -e "\t-Disable the CORS:"
 echo -e "\t$ snap set $SNAP_NAME cors=''"
 echo -e "\n"
+echo -e "To enable the Set Access-Control-Allow-Headers header. \"Authorization,Content-Type\" is required for cross-origin use of the API."
+echo -e "\t$ snap set $SNAP_NAME cors-allow-headers='Authorization,Content-Type'"
+echo -e "\t-Disable the Set Access-Control-Allow-Headers header. \"Authorization,Content-Type\" is required for cross-origin use of the API."
+echo -e "\t$ snap set $SNAP_NAME cors-allow-headers=''"
+echo -e "\n"
+echo -e "To enable the Set Access-Control-Expose-Headers header.  This is not needed for typical CORS situations. Example: *"
+echo -e "\t$ snap set $SNAP_NAME cors-expose-headers='*'"
+echo -e "\t-Disable the Set Access-Control-Expose-Headers header.  This is not needed for typical CORS situations. Example: ''"
+echo -e "\t$ snap set $SNAP_NAME cors-expose-headers=''"
+echo -e "\n"
 echo -e "Enable browser policy and allow one trusted URL that can have iframe that has Wekan embedded inside."
 echo -e "\t\t Setting this to false is not recommended, it also disables all other browser policy protections"
 echo -e "\t\t and allows all iframing etc. See wekan/server/policy.js"