Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit3ecf99c

Browse files
committed
document CORS
1 parentc0b3948 commit3ecf99c

File tree

1 file changed

+34
-0
lines changed

1 file changed

+34
-0
lines changed

‎content/v3.md‎

Lines changed: 34 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -16,6 +16,7 @@ you have any problems or requests please contact
1616
* <ahref="#authentication">Authentication</a>
1717
* <ahref="#pagination">Pagination</a>
1818
* <ahref="#rate-limiting">Rate Limiting</a>
19+
* <ahref="#cross-origin-resource-sharing">Cross Origin Resource Sharing</a>
1920
* <ahref="#json-p-callbacks">JSON-P Callbacks</a>
2021

2122
##Schema
@@ -201,6 +202,39 @@ You can file a [support issue](http://support.github.com/dashboard/queues/2386-a
201202
to request white listed access for your application. We prefer sites that
202203
setup OAuth applications for their users.
203204

205+
##Cross Origin Resource Sharing
206+
207+
The API supports Cross Origin Resource Sharing (CORS) for AJAX requests.
208+
you can read the[CORS W3C working draft](http://www.w3.org/TR/cors), or
209+
[this intro](http://code.google.com/p/html5security/wiki/CrossOriginRequestSecurity) from the
210+
HTML 5 Security Guide.
211+
212+
Here's a sample request sent from a browser hitting
213+
`http://some-site.com`:
214+
215+
$ curl -i https://api.github.com -H "Origin: http://some-site.com"
216+
HTTP/1.1 302 Found
217+
218+
Any domain that is registered as an OAuth Application is accepted.
219+
Here's a sample request for a browser hitting[Calendar About Nothing](http://calendaraboutnothing.com/):
220+
221+
$ curl -i https://api.github.com -H "Origin: http://calendaraboutnothing.com"
222+
HTTP/1.1 302 Found
223+
Access-Control-Allow-Origin: http://calendaraboutnothing.com
224+
Access-Control-Expose-Headers: Link, X-RateLimit-Limit, X-RateLimit-Remaining, X-OAuth-Scopes, X-Accepted-OAuth-Scopes
225+
Access-Control-Allow-Credentials: true
226+
227+
This is what the CORS preflight request looks like:
228+
229+
$ curl -i https://api.github.com -H "Origin: http://calendaraboutnothing.com" -X OPTIONS
230+
HTTP/1.1 204 No Content
231+
Access-Control-Allow-Origin: http://calendaraboutnothing.com
232+
Access-Control-Allow-Headers: Authorization, X-Requested-With
233+
Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE
234+
Access-Control-Expose-Headers: Link, X-RateLimit-Limit, X-RateLimit-Remaining, X-OAuth-Scopes, X-Accepted-OAuth-Scopes
235+
Access-Control-Max-Age: 86400
236+
Access-Control-Allow-Credentials: true
237+
204238
##JSON-P Callbacks
205239

206240
You can send a`?callback` parameter to any GET call to have the results

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp