some more doc

sugar/middleware/cors.py

@@ -1,8 +1,10 @@
+from django.conf import settings
+
 class CORSMiddleware(object):
     """
-    Middleware that serves up JSON media types with a CORS header to
-    allow people to use your JSON data from JavaScript without requiring
-    them to proxy it.
+    Middleware that serves up representations with a CORS header to
+    allow third parties to use your web api from JavaScript without 
+    requiring them to proxy it.
     See: http://www.w3.org/TR/cors/
 
     Implement
@@ -11,12 +13,26 @@ class CORSMiddleware(object):
 
     'sugar.middleware.cors.CORSMiddleware',
 
+    This will inject all your 'application/json' responses with:
+
+        Access-Control-Allow-Origin: *
+
+    Optionally you can configure the mediatypes you'd like to have be served 
+    up with CORS in your settings:
+
+    CORS = [ 
+            "{
+                ["application/json", "application/x-suggestions+json"],
+                "Access-Control-Allow-Origin": "*" 
+            }
+           ]
+           hmmm... not sure what to do here (yet)
+
     """
 
     def __init__(self):
         # should any others be added here?
-        self.json_mediatypes = ["application/json",
-                                "application/x-suggestions+json",]
+        self.json_mediatypes = ["application/json"]
 
     def process_response(self, request, response):
         # just get the mediatype (strip charset)

sugar/tests.py

@@ -48,7 +48,7 @@ def test_middleware(self):
         cors = CORSMiddleware()
         request = HttpRequest()
         response = HttpResponse('["foo"]',
-                mimetype='application/json')
+                                mimetype='application/json')
         cors.process_response(request, response)
         self.assertEqual(response['access-control-allow-origin'], '*')