Skip to content

Docs should better explain what this package actually does #384

Description

@jonchurch

Cutting this issue to track some docs changes I have queued up, and am open to feedback.

CORS is confusing, infamously so. And we will sometimes get users who are confused about what it is and how it works.

I don't really want the README to try and teach folks everything about CORS, but I do want to try and help people out by improving the documentation to hopefully catch some of the repeat issues we see.

So below is a summary of what I've seen across various issues historically here, and some simple suggestions for improving the readme.

Problem

Users regularly open issues demonstrating misunderstandings about what this package does:

The common thread: users think CORS is server-side access control.

The documentation doesn't clearly state what the library actually does, and uses ambiguous language:

  • "Enable CORS" / "allow origins" suggests blocking
  • "reflect" is jargon that doesn't explain actual header behavior
  • No mention that browsers enforce CORS, not servers

Proposed Improvements

Metadata

Metadata

Assignees

Labels

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions