--- Revision 636636313834 +++ Revision 313438613730 @@ -30,7 +30,7 @@ [https://origin.tld] -allowed_methods = GET, PUT, POST, DELETE +allow_methods = GET, PUT, POST, DELETE allow_headers = x-couchdb-... allow_credentials = true allow_server_admins = true @@ -53,18 +53,19 @@ work flow : -is origins list not empty in ini -no -> is admin set ? +is origins list empty in ini +yes -> is admin set ? yes -> stop no -> return "*" , credentials false (with a good caching policy) -yes -> - -is origin in .ini ? -yes -> use cors rules for it -no -> are we on a db resource ? - yes -> are origins in db sec obj - -yes -> - is origin in list ? - no -> stop - yes -> ... +no -> + is origin in .ini ? + yes -> + is origin in list ? + yes -> + set the cors headers based on .ini + then are we on a db resource ? + yes -> + apply the intersection of .ini with db resource + no -> stop + no -> +
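Review bot: The last `no ->` branch of the rewritten work flow (second hunk) is empty, so the spec does not state what happens to a request whose origin is not matched; indentation was lost in this view, so it is unclear whether that branch belongs to `is origin in .ini ?` or `is origin in list ?`, and the other of the two has no `no` branch at all. Since the sample section sets `allow_credentials = true`, both negative outcomes should be written as an explicit deny, e.g. `no -> stop (send no CORS headers)`, so that an implementer does not fall back to the `"*"` case. It would also help to state that `apply the intersection of .ini with db resource` can only narrow what the .ini allows and never add origins, methods or credentials.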