You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Replace offensive words in CORS documentation (mdn#7396)
* Replaced offensive words in CORS documentation
* Removed redundant punctuation mark
Co-authored-by: André Jaenisch <[email protected]>
* Rephrased the definition of the Access-Control-Expose-Headers header
* Corrected the capitalization of JavaScript
Co-authored-by: André Jaenisch <[email protected]>
<p>If the server specifies a single origin (that may dynamically change based on the requesting origin as part of a white-list) rather than the "<code>*</code>" wildcard, then the server should also include <code>Origin</code> in the {{HTTPHeader("Vary")}} response header — to indicate to clients that server responses will differ based on the value of the {{HTTPHeader("Origin")}} request header.</p>
394
+
<p>If the server specifies a single origin (that may dynamically change based on the requesting origin as part of a allowlist) rather than the "<code>*</code>" wildcard, then the server should also include <code>Origin</code> in the {{HTTPHeader("Vary")}} response header — to indicate to clients that server responses will differ based on the value of the {{HTTPHeader("Origin")}} request header.</p>
<p>The {{HTTPHeader("Access-Control-Expose-Headers")}} header lets a server whitelist headers that Javascript (such as {{domxref("XMLHttpRequest.getResponseHeader()","getResponseHeader()")}}) in browsers are allowed to access.</p>
398
+
<p>The {{HTTPHeader("Access-Control-Expose-Headers")}} header adds the specified headers to the allowlist that JavaScript (such as {{domxref("XMLHttpRequest.getResponseHeader()","getResponseHeader()")}}) in browsers is allowed to access.</p>
0 commit comments