-# Sample Configuration File for Privoxy 3.0.27
+# Sample Configuration File for Privoxy 3.0.29
#
-# $Id: config,v 1.114 2017/06/26 12:16:21 fabiankeil Exp $
-#
-# Copyright (C) 2001-2017 Privoxy Developers https://www.privoxy.org/
+# Copyright (C) 2001-2019 Privoxy Developers https://www.privoxy.org/
#
#####################################################################
# #
# problem on your own.
#
#debug 1 # Log the destination for each request Privoxy let through. See also debug 1024.
-#debug 1024 # Actions that are applied to all sites and maybe overruled later on.
+#debug 1024 # Log the destination for requests Privoxy didn't let through, and the reason why.
#debug 4096 # Startup banner and warnings
#debug 8192 # Non-fatal errors
#
# requests aren't rejected. Requests are accepted if the
# specified trusted-cgi-refer is the prefix of the Referer.
#
+# If the trusted source is supposed to access the CGI pages via
+# JavaScript the cors-allowed-origin option can be used.
+#
# +-----------------------------------------------------+
# | Warning |
# |-----------------------------------------------------|
# |the user's knowledge. |
# +-----------------------------------------------------+
#
-trusted-cgi-referer http://www.example.org/
+#trusted-cgi-referer http://www.example.org/local-privoxy-control-page
+#
+# 4.11. cors-allowed-origin
+# ==========================
+#
+# Specifies:
+#
+# A trusted website which can access Privoxy's CGI pages through
+# JavaScript.
+#
+# Type of value:
+#
+# URL
+#
+# Default value:
+#
+# Unset
+#
+# Effect if unset:
+#
+# No external sites get access via cross-origin resource
+# sharing.
+#
+# Notes:
+#
+# Modern browsers by default prevent cross-origin requests made
+# via JavaScript to Privoxy's CGI interface even if Privoxy
+# would trust the referer because it's white listed via the
+# trusted-cgi-referer directive.
+#
+# Cross-origin resource sharing (CORS) is a mechanism to allow
+# cross-origin requests.
+#
+# The "cors-allowed-origin" option can be used to specify a
+# domain that is allowed to make requests to Privoxy CGI
+# interface via JavaScript. It is used in combination with the
+# trusted-cgi-referer directive.
+#
+# +-----------------------------------------------------+
+# | Warning |
+# |-----------------------------------------------------|
+# |Declaring domains the admin doesn't control |
+# |trustworthy may allow malicious third parties to |
+# |modify Privoxy's internal state against the user's |
+# |wishes and without the user's knowledge. |
+# +-----------------------------------------------------+
#
+#cors-allowed-origin http://www.example.org/
#
# 5. FORWARDING
# ==============
# affected by this directive.
#
#client-header-order Host \
+# User-Agent \
# Accept \
# Accept-Language \
# Accept-Encoding \