Merge pull request #938 from paddatrapper/cors-doc

Document CORS configuration better

docs/manual/general/index.md

@@ -50,7 +50,9 @@ wish. (There is more about this feature in the
 *Advanced Configuration* section of this book).
 
 The **Allowed CORS URLs** is intended to deal with situations where you want a
-remote site with a different domain to access the API.
+remote site with a different domain to access the API. This is relevant when
+there is a reverse proxy server in front of LibreTime. If you are using a
+reverse proxy, the URLs that will be used to access it should be added here.
 
 The **Display login button on your Radio Page?** will determine whether visitors
 to your site see a link to login. If this is disabled DJs and admins will need

docs/manual/getting-started/index.md

@@ -94,3 +94,15 @@ your LibreTime server has made to this Icecast server. If you have only just
 installed LibreTime, there may not be any media playing out yet.
 
 ![](static/Screenshot293-Icecast_status_page.png)
+
+Reverse Proxy Connections
+-------------------------
+In some deployments, the LibreTime server is deployed behind a reverse proxy,
+for example in containerization use-cases such as Docker and LXC. LibreTime
+makes extensive use of its API for some site functionality, which causes
+[Cross-Origin Resource Sharing (CORS)](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS)
+to occur. By default, CORS requests are blocked by your browser and the origins
+need to be added to the **Allowed CORS URLs** block in
+[**General Settings**](/manual/general/). These origins should include any
+domains that will be used externally to connect to your reverse proxy that you
+want handled by LibreTime.