From 33005ea243f1f1b6880db31e0ac3254851c97291 Mon Sep 17 00:00:00 2001
From: Jon Nordby <jononor@gmail.com>
Date: Sat, 7 Jun 2014 01:27:07 +0200
Subject: [PATCH] API: Add documentation for newly added cross-origin config
 option

---
 docs/api/general.rst | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/docs/api/general.rst b/docs/api/general.rst
index 84f2d86a..7e55d621 100644
--- a/docs/api/general.rst
+++ b/docs/api/general.rst
@@ -73,3 +73,29 @@ Encoding
 ========
 
 OctoPrint uses UTF-8 as charset.
+
+
+.. _sec-api-cross-origin:
+
+Cross-origin requests
+===================
+To make use of the Octoprint API from websites other than the Octoprint web interface,
+cross-origin resource sharing (`CORS <http://en.wikipedia.org/wiki/Cross-origin_resource_sharing>`) must be enabled.
+This is the case even when the website in question is served from a different port on the same machine, and on localhost.
+
+To enable this feature, set the ``allowCrossOrigin`` key in ``config.yml`` to ``true``.
+
+.. code-block:: yaml
+
+   api:
+     enabled: true
+     key: MYKEY
+     allowCrossOrigin: true
+
+.. note::
+   This means any browser page can send requests to the Octoprint API. Authorization is still required, however.
+
+If CORS is not enabled, you will get errors similar to:
+
+``XMLHttpRequest cannot load http://localhost:8081/api/files. No 'Access-Control-Allow-Origin' header is present on the requested resource.``
+