X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=config;h=11f00bb57587d6e5596398dcf201654610f01e0d;hp=ff6e7c3c05a12be3159eb92024b6e1e6f50758aa;hb=bdb4f63c89a27bec21bf31c5c400b4f66661310f;hpb=2e8c7e4321104708859ad7bf3e5697c0897778c5
diff --git a/config b/config
index ff6e7c3c..11f00bb5 100644
--- a/config
+++ b/config
@@ -1,8 +1,6 @@
-# Sample Configuration File for Privoxy 3.0.27
+# Sample Configuration File for Privoxy 3.0.29
 #
-# $Id: config,v 1.115 2017/06/26 12:17:17 fabiankeil Exp $
-#
-# Copyright (C) 2001-2017 Privoxy Developers https://www.privoxy.org/
+# Copyright (C) 2001-2019 Privoxy Developers https://www.privoxy.org/
 #
 #####################################################################
 # #
@@ -1208,6 +1206,9 @@ enable-proxy-authentication-forwarding 0
 # requests aren't rejected. Requests are accepted if the
 # specified trusted-cgi-refer is the prefix of the Referer.
 #
+# If the trusted source is supposed to access the CGI pages via
+# JavaScript the cors-allowed-origin option can be used.
+#
 # +-----------------------------------------------------+
 # | Warning |
 # |-----------------------------------------------------|
@@ -1217,8 +1218,54 @@ enable-proxy-authentication-forwarding 0
 # |the user's knowledge. |
 # +-----------------------------------------------------+
 #
-trusted-cgi-referer http://www.example.org/
+#trusted-cgi-referer http://www.example.org/local-privoxy-control-page
+#
+# 4.11. cors-allowed-origin
+# ==========================
+#
+# Specifies:
+#
+# A trusted website which can access Privoxy's CGI pages through
+# JavaScript.
+#
+# Type of value:
+#
+# URL
+#
+# Default value:
+#
+# Unset
+#
+# Effect if unset:
+#
+# No external sites get access via cross-origin resource
+# sharing.
+#
+# Notes:
+#
+# Modern browsers by default prevent cross-origin requests made
+# via JavaScript to Privoxy's CGI interface even if Privoxy
+# would trust the referer because it's white listed via the
+# trusted-cgi-referer directive.
+#
+# Cross-origin resource sharing (CORS) is a mechanism to allow
+# cross-origin requests.
+#
+# The "cors-allowed-origin" option can be used to specify a
+# domain that is allowed to make requests to Privoxy CGI
+# interface via JavaScript. It is used in combination with the
+# trusted-cgi-referer directive.
+#
+# +-----------------------------------------------------+
+# | Warning |
+# |-----------------------------------------------------|
+# |Declaring domains the admin doesn't control |
+# |trustworthy may allow malicious third parties to |
+# |modify Privoxy's internal state against the user's |
+# |wishes and without the user's knowledge. |
+# +-----------------------------------------------------+
 #
+#cors-allowed-origin http://www.example.org/
 #
 # 5. FORWARDING
 # ==============
@@ -2161,6 +2208,7 @@ socket-timeout 300
 # affected by this directive.
 #
 #client-header-order Host \
+# User-Agent \
 # Accept \
 # Accept-Language \
 # Accept-Encoding \
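Review bot: The new cors-allowed-origin section does not say how the configured value is matched: "Type of value" is given as URL, the Notes call it a "domain", and the example `http://www.example.org/` carries a trailing slash, whereas a browser origin is only scheme, host and optional port. The trusted-cgi-referer text just above states that it is a prefix match, so an admin cannot tell from this section whether the same applies here or whether the value must equal the origin exactly; one sentence in the Notes stating the comparison rule would settle that. Because the example uses plain http, I would also add `# Prefer an https origin; a page fetched over http can be altered in transit and would then act with the trusted origin's access.` to the Notes. Finally, "used in combination with the trusted-cgi-referer directive" leaves open what happens when only cors-allowed-origin is set, which is worth spelling out next to "Effect if unset".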