docs: Mention CORS in hook responses

To clarify a question that appeared in #1144
tus · Jun 12, 2024 · 8883c8b · 8883c8b
1 parent b4b4e9c
commit 8883c8b
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/docs/_advanced-topics/hooks.md b/docs/_advanced-topics/hooks.md
@@ -142,6 +142,13 @@ Below you can find an annotated, JSON-ish encoded example of a hook response:
  // Body is the response body.
  "Body": "{\"message\":\"the upload is too big\"}",
  // Header contains additional HTTP headers for the response. The values are strings.
+ // The uploading client can retrieve these header, allowing the server to send
+ // information back to the client. Note that if you are using custom headers and want
+ // them to be accessible by JavaScript running inside a browser, you likely have to
+ // configure Cross-Origin Resource Sharing (CORS) to include your custom header in
+ // Access-Control-Expose-Headers or otherwise browsers will block access to the custom
+ // header. See https://tus.github.io/tusd/getting-started/configuration/#cross-origin-resource-sharing-cors
+ // for more details about tusd and CORS. 
  "Header": {
  "Content-Type": "application/json"
  },