Skip to content

Commit

Permalink
Update amp-cors-requests.md (#9636)
Browse files Browse the repository at this point in the history 
Added updates and corrections per Dima's feedback.
  • Loading branch information
Barb Paduch authored and Dima Voytenko committed Jun 1, 2017
1 parent 482270b commit 16e216d
Showing 1 changed file with 5 additions and 2 deletions.
7 changes: 5 additions & 2 deletions spec/amp-cors-requests.md
View file
Expand Up @@ -129,7 +129,7 @@ Endpoints should restrict requests to allow only the following origins:
- **Google AMP Cache subdomain**: `https://<publisher's subdomain>.cdn.ampproject.org`
(for example, `https://nytimes-com.cdn.ampproject.org`)
- **Google AMP Cache (legacy)**: `https://cdn.ampproject.org`
- **Cloudflare AMP Cache**: `https:<publisher's domain>.amp.cloudflare.com`
- **Cloudflare AMP Cache**: `https://<publisher's domain>.amp.cloudflare.com`
- The Publisher’s own origins

For information on AMP Cache URL formats, see these resources:
Expand Down Expand Up @@ -171,11 +171,14 @@ following:

**If the `Origin` header is set**:

1. If the origin is not one of the following values, stop and return an error
1. If the origin does not match one of the following values, stop and return an error
response:
- `*.ampproject.org`
- `*.amp.cloudflare.com`
- the publisher's origin (aka yours)

where `*` represents a wildcard match, and not an actual asterisk ( * ).

2. If the value of the `__amp_source_origin` query parameter is not the
publisher's origin, stop and return an error response.
3. If the two checks above pass, process the request.
Expand Down

0 comments on commit 16e216d

Please sign in to comment.