From 91babb941e07a1f45636bdcb75675f13ce1503a2 Mon Sep 17 00:00:00 2001
From: Jay Jodiwal <jodiwaljay@gmail.com>
Date: Mon, 31 Aug 2020 03:06:43 +0530
Subject: [PATCH] Update Api docs for credentialed requests (#221)

https://github.com/corydolphin/flask-cors/issues/220
---
 docs/api.rst | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/docs/api.rst b/docs/api.rst
index 5e03ac9..96e49cc 100644
--- a/docs/api.rst
+++ b/docs/api.rst
@@ -46,6 +46,9 @@ cross origins, simply set the `supports_credentials` option to `True`. E.G.
     def helloWorld():
       return "Hello, %s" % session['username']
 
+
+The above code enables Flask backend to accept cookies to be submitted from cross origin sites. But if you are sending Xhr requests (ajax calls) to a cross-origin server, by default chrome or any modern browser won't send cookies and session with the request. You should use ``withCredentials = True`` while sending Xhr request to enable that. You should keep in mind about the necessary security concerns. Related MDN doc: https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest/withCredentials
+
 Using `CORS` with Blueprints
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~