1 files changed, 26 insertions, 9 deletions

diff --git a/doc/source/cors.rst b/doc/source/cors.rst
index 890f7fd..99e5dc0 100644
--- a/doc/source/cors.rst
+++ b/doc/source/cors.rst
@@ -49,18 +49,19 @@ In your application's config file, then include a default configuration block
 something like this::
 
     [cors]
-    allowed_origin=https://website.example.com:443
+    allowed_origin=https://website.example.com:443,https://website2.example.com:443
     max_age=3600
     allow_methods=GET,POST,PUT,DELETE
     allow_headers=Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Custom-Header
     expose_headers=Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Custom-Header
 
-This middleware permits you to define multiple `allowed_origin`'s. To express
-this in your configuration file, first begin with a `[cors]` group as above,
-into which you place your default configuration values. Then add as many
-additional configuration groups as necessary, naming them `[cors.something]`
-(each name must be unique). The purpose of the suffix to `cors.` is
-legibility, we recommend using a reasonable human-readable string::
+This middleware permits you to override the rules for multiple
+`allowed_origin`'s. To express this in your configuration file, first begin
+with a `[cors]` group as above, into which you place your default
+configuration values. Then add as many additional configuration groups as
+necessary, naming them `[cors.something]` (each name must be unique). The
+purpose of the suffix to `cors.` is legibility, we recommend using a
+reasonable human-readable string::
 
     [cors.ironic_webclient]
     # CORS Configuration for a hypothetical ironic webclient, which overrides
@@ -94,16 +95,32 @@ Configuration for pastedeploy
 -----------------------------
 
 If your application is using pastedeploy, the following configuration block
-will add CORS support. To add multiple domains, simply add another filter.::
+will add CORS support.::
 
     [filter:cors]
     paste.filter_factory = oslo_middleware.cors:filter_factory
-    allowed_origin=https://website.example.com:443
+    allowed_origin=https://website.example.com:443,https://website2.example.com:443
     max_age=3600
     allow_methods=GET,POST,PUT,DELETE
     allow_headers=Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Custom-Header
     expose_headers=Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Custom-Header
 
+If your application is using pastedeploy, but would also like to use the
+existing configuration from oslo_config in order to simplify the points of
+configuration, this may be done as follows.::
+
+    [filter:cors]
+    paste.filter_factory = oslo_middleware.cors:filter_factory
+    oslo_config_project = oslo_project_name
+
+    # Optional field, in case the program name is different from the project:
+    oslo_config_program = oslo_project_name-api
+
+    # This method also permits setting latent properties, for any origins set
+    # in oslo config.
+    latent_allow_headers=X-Auth-Token
+    latent_expose_headers=X-Auth-Token
+    latent_methods=GET,PUT,POST
 
 Configuration Options
 ---------------------