docs: dockerd: remove --api-cors-header (deprecated)

thaJeztah · thaJeztah · commit 1a0e32099a2b · 2024-09-16T12:20:54.000+02:00
Updates 9d9bb19 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
diff --git a/docs/deprecated.md b/docs/deprecated.md
@@ -54,7 +54,7 @@ The following table provides an overview of the current status of deprecated fea
 | Status     | Feature                                                                                                                            | Deprecated | Remove |
 |------------|------------------------------------------------------------------------------------------------------------------------------------|------------|--------|
 | Deprecated | [Non-standard fields in image inspect](#non-standard-fields-in-image-inspect)                                                      | v27.0      | v28.0  |
-| Deprecated | [API CORS headers](#api-cors-headers)                                                                                              | v27.0      | v28.0  |
+| Removed    | [API CORS headers](#api-cors-headers)                                                                                              | v27.0      | v28.0  |
 | Deprecated | [Graphdriver plugins (experimental)](#graphdriver-plugins-experimental)                                                            | v27.0      | v28.0  |
 | Deprecated | [Unauthenticated TCP connections](#unauthenticated-tcp-connections)                                                                | v26.0      | v28.0  |
 | Deprecated | [`Container` and `ContainerConfig` fields in Image inspect](#container-and-containerconfig-fields-in-image-inspect)                | v25.0      | v26.0  |
@@ -177,18 +177,19 @@ and a custom [snapshotter](https://github.com/containerd/containerd/tree/v1.7.18
 ### API CORS headers
 
 **Deprecated in Release: v27.0**
-**Target For Removal In Release: v28.0**
+**Disabled by default in Release: v27.0**
+**Removed in release: v28.0**
 
 The `api-cors-header` configuration option for the Docker daemon is insecure,
 and is therefore deprecated and scheduled for removal.
 Incorrectly setting this option could leave a window of opportunity
 for unauthenticated cross-origin requests to be accepted by the daemon.
 
-Starting in Docker Engine v27.0, this flag can still be set,
+In Docker Engine v27.0, this flag can still be set,
 but it has no effect unless the environment variable
 `DOCKERD_DEPRECATED_CORS_HEADER` is also set to a non-empty value.
 
-This flag will be removed altogether in v28.0.
+This flag has been removed altogether in v28.0.
 
 This is a breaking change for authorization plugins and other programs
 that depend on this option for accessing the Docker API from a browser.
diff --git a/docs/reference/dockerd.md b/docs/reference/dockerd.md
@@ -25,7 +25,6 @@ A self-sufficient runtime for containers.
 Options:
       --add-runtime runtime                   Register an additional OCI compatible runtime (default [])
       --allow-nondistributable-artifacts list Allow push of nondistributable artifacts to registry
-      --api-cors-header string                Set CORS headers in the Engine API
       --authorization-plugin list             Authorization plugins to load
       --bip string                            Specify network bridge IP
   -b, --bridge string                         Attach containers to a network bridge
@@ -1015,7 +1014,6 @@ The following is a full example of the allowed configuration options on Linux:
 ```json
 {
   "allow-nondistributable-artifacts": [],
-  "api-cors-header": "",
   "authorization-plugins": [],
   "bip": "",
   "bridge": "",
