Suggestions on CORS in Apache implementation notes

[regisrob]

Since I recently faced the issue with different IIIF providers, I wonder if it would make sense to add a note in the Enabling CORS section to explain that the HTTP Header should also be present on the redirect response. When a manifest or info.json url is redirected to a new one, clients are still broken if the redirect is not itself cors-enabled.

I am not completely sure but I guess this can be solved in Apache by using Header always set ....

It might also be useful to point implementers to https://enable-cors.org, that has recipes for many servers other than Apache.

[glenrobson]

There is this currently:

https://iiif.io/api/annex/notes/apache/

The cookbook group thinks this should be a guide rather than a recipe.

[glenrobson]

@regisrob would you be interested in writing this guide for CORS that can go on the IIIF guides website?