From 9c9f35734e795e3c2cea21384349b655d7ffa164 Mon Sep 17 00:00:00 2001
From: Elizabeth Hunt <me@liz.coffee>
Date: Sun, 14 Dec 2025 23:24:27 -0800
Subject: Add cors flags

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'README.md')

diff --git a/README.md b/README.md
index a59bcc1..4b741e1 100644
--- a/README.md
+++ b/README.md
@@ -297,7 +297,6 @@ UUID: 123e4567-e89b-12d3-a456-426614174000
 Requests are stored per-topic in a per-request directory: `data/{routeName}/{timestamp}_{uuid}/`:
 
 - `request.json` - full stored request (headers + parsed body + file metadata)
-- `body.json` - parsed body only (convenience)
 - `files/` - uploaded files (multipart only)
 
 Example `request.json`:
@@ -381,6 +380,7 @@ Then configure your reverse proxy:
 - `--host` - Server host (default: 0.0.0.0)
 - `--data-dir` - Data storage directory (default: ./data)
 - `--token-secret` - HMAC secret for token signing (optional, generates random if not provided)
+- `--cors-origins` - Allowed CORS origins (default: `*`). Supports `*`, exact origins (`https://a.com`), and host patterns (`liz.coffee`, `*.liz.coffee`). When not `*`, only `https` origins are allowed. Responses only set `Access-Control-Allow-Origin` (preflight uses the standard allow-\* headers).
 
 ### Environment Variables:
 
-- 
cgit v1.2.3-70-g09d2