From 474e8fd38d0615f4f8bfa25d708d81d328e7719d Mon Sep 17 00:00:00 2001 From: Anselm Hannemann Date: Tue, 24 Feb 2015 09:46:25 +0100 Subject: [PATCH] More infos on CORS in README Again #25. --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 644e2fc..220ed16 100644 --- a/README.md +++ b/README.md @@ -85,6 +85,8 @@ For example you need to set the header to: This should fix [the issue](https://github.com/anselmh/object-fit/issues/7). If you also need to support credentials, [you can’t use `*`](#25) but need the server reply with two headers (server needs also to reply with `Access-Control-Allow-Credentials: true`), one of which includes the origin in question. +It is recommended to add the attribute `crossorigin="use-credentials"` to your CSS `link` element that is called from the external resource to indicate what type of CORS the server should reply with. + In case you can’t alter the CSP / CORS settings of the server in question, you can disable parsing external CSS files in the config of the call:
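Review bot: The added sentence recommends `crossorigin="use-credentials"` without a condition. The context line just above it covers the credentialed case only ("If you also need to support credentials"), so the recommendation should be scoped to that case. As written, a reader whose server replies with `Access-Control-Allow-Origin: *` could add the attribute and have the stylesheet load fail, because a credentialed request requires an explicit origin and `Access-Control-Allow-Credentials: true`. For stylesheets that do not need cookies or HTTP authentication, suggest mentioning `crossorigin="anonymous"` instead, which avoids sending credentials to the third-party host. The wording could also be tightened in two places. "Called from the external resource" reads as if the `link` element lives on the remote server; something like "the `link` element that loads the external stylesheet" is clearer. "What type of CORS the server should reply with" is imprecise, since the attribute sets the credentials mode of the browser's request and the server's headers then have to match it.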