{"id": "json_api:json-api-cors", "page": "json_api", "ref": "json-api-cors", "title": "Enabling CORS", "content": "If you start Datasette with the  --cors  option, each JSON endpoint will be\n                served with the following additional HTTP headers: \n             [[[cog\nfrom datasette.utils import add_cors_headers\nimport textwrap\nheaders = {}\nadd_cors_headers(headers)\noutput = \"\\n\".join(\"{}: {}\".format(k, v) for k, v in headers.items())\ncog.out(\"\\n::\\n\\n\")\ncog.out(textwrap.indent(output, '    '))\ncog.out(\"\\n\\n\") \n             ]]] \n             Access-Control-Allow-Origin: *\nAccess-Control-Allow-Headers: Authorization, Content-Type\nAccess-Control-Expose-Headers: Link\nAccess-Control-Allow-Methods: GET, POST, HEAD, OPTIONS\nAccess-Control-Max-Age: 3600 \n             [[[end]]] \n             This allows JavaScript running on any domain to make cross-origin\n                requests to interact with the Datasette API. \n             If you start Datasette without the  --cors  option only JavaScript running on\n                the same domain as Datasette will be able to access the API. \n             Here's how to serve  data.db  with CORS enabled: \n             datasette data.db --cors", "breadcrumbs": "[\"JSON API\"]", "references": "[]"}