From 8883c8b5efdb767627c67953ee9c75a4fb0ee906 Mon Sep 17 00:00:00 2001
From: Marius Kleidl <marius@transloadit.com>
Date: Wed, 12 Jun 2024 09:35:00 +0200
Subject: [PATCH] docs: Mention CORS in hook responses

To clarify a question that appeared in https://github.com/tus/tusd/issues/1144
---
 docs/_advanced-topics/hooks.md | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/docs/_advanced-topics/hooks.md b/docs/_advanced-topics/hooks.md
index dee431f9c..8e87a1204 100644
--- a/docs/_advanced-topics/hooks.md
+++ b/docs/_advanced-topics/hooks.md
@@ -142,6 +142,13 @@ Below you can find an annotated, JSON-ish encoded example of a hook response:
         // Body is the response body.
         "Body": "{\"message\":\"the upload is too big\"}",
         // Header contains additional HTTP headers for the response. The values are strings.
+        // The uploading client can retrieve these header, allowing the server to send
+        // information back to the client. Note that if you are using custom headers and want
+        // them to be accessible by JavaScript running inside a browser, you likely have to
+        // configure Cross-Origin Resource Sharing (CORS) to include your custom header in
+        // Access-Control-Expose-Headers or otherwise browsers will block access to the custom
+        // header. See https://tus.github.io/tusd/getting-started/configuration/#cross-origin-resource-sharing-cors
+        // for more details about tusd and CORS.  
         "Header": {
             "Content-Type": "application/json"
         },