diff options
author | Bernhard Posselt <dev@bernhard-posselt.com> | 2016-04-26 20:47:46 +0200 |
---|---|---|
committer | Bernhard Posselt <dev@bernhard-posselt.com> | 2016-04-26 20:47:46 +0200 |
commit | b5e65e051f29e8a4dae002ca008077d835db77d2 (patch) | |
tree | 310792849cb1a819d7bb828e8ef1790af852afca | |
parent | 699bbd7cb886ca1c05d88e588f9a0bf0fc939159 (diff) |
typo
-rw-r--r-- | docs/api/v2/README.md | 4 |
1 files changed, 1 insertions, 3 deletions
diff --git a/docs/api/v2/README.md b/docs/api/v2/README.md index 162b2da10..33e326744 100644 --- a/docs/api/v2/README.md +++ b/docs/api/v2/README.md @@ -1,6 +1,6 @@ # Sync API v2 (Draft) -The **News app** offers a RESTful API which can be used to sync folders, feeds and items. +The **News app** offers a RESTful API which can be used to sync folders, feeds and items. The API also supports [CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS) which means that you can access the API from your browser using JavaScript. ## API Stability Contract @@ -95,8 +95,6 @@ The response body is a JSON structure that looks like this: } ``` -The API also supports [CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS) which means that you can access the API from your browser using JavaScript. - ## Security Guidelines Read the following notes carefully to prevent being subject to security exploits: * All string fields in a JSON response unless explicitly noted otherwise are provided in without sanitation. This means that if you do not escape it properly before rendering you will be vulnerable to [XSS](https://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29) attacks |