diff --git a/README.allow-cross-domain-requests b/README.allow-cross-domain-requests
new file mode 100644
index 0000000..3698930
--- /dev/null
+++ b/README.allow-cross-domain-requests
@@ -0,0 +1,67 @@
+
+# see also:
+#    https://github.com/mconf/api-mate/tree/master#allow-cross-domain-requests
+
+# The API Mate runs on your web browser and most of the API methods 
+# are accesssed through HTTP GET calls, so you can simply click on 
+# a link in the API Mate and you'll access the API method.
+#
+# However, for some other methods (such as API methods accessed via POST) 
+# or some more advanced features, we need to run API calls from the 
+# javascript using ajax. This will result in a cross-domain request, 
+# since a web page (the API Mate) is making requests directly to another 
+# server (your web conference server). Since cross-domain requests are by 
+# default disabled in the browser, they will all fail.
+#
+# We offer two solutions:
+#
+#    1. Change your BigBlueButton/Mconf-Live server to accept cross-domain 
+#       requests (ok, but only recommended for development and testing); or
+#
+#    2. Use a local proxy that will receive the calls and proxy them to your 
+#       web conference server.
+
+
+
+# =====================================================
+# 1. Change your server to accept cross-domain requests
+# =====================================================
+#
+# With this option you will enable cross-origin requests using CORS on your 
+# BigBlueButton/Mconf-Live server.
+#
+# In BigBlueButton/Mconf-Live with Nginx
+# ======================================
+#
+#    Copy to following block of code to the bottom of the file 
+#    /etc/bigbluebutton/nginx/web.nginx, inside the block 
+#    location /bigbluebutton:
+#
+#     location /bigbluebutton {
+#        ...
+#
+#        # add this block!
+#        if ($http_origin) {
+#           add_header Access-Control-Allow-Origin *;
+#           add_header Access-Control-Allow-Methods "GET,POST,OPTIONS";
+#           add_header Access-Control-Allow-Headers  Content-Type;
+#           add_header Access-Control-Max-Age        86400;
+#        }
+#   
+#     }
+#
+# Notice that it will allow cross-domain requests from any host, which is 
+# not recommended! Use it only for test and development.
+#
+# Save it and restart Nginx to apply the changes:
+#
+#     $ sudo /etc/init.d/nginx restart
+
+
+
+# ====================
+# 2. Use a local proxy
+# ====================
+
+# see: https://github.com/mconf/api-mate/tree/master#2-use-a-local-proxy
+