From 3eab2b73b79a8936624b95780730f02aa05a73b3 Mon Sep 17 00:00:00 2001
From: 18alantom <2.alan.tom@gmail.com>
Date: Fri, 4 Jul 2025 15:24:44 +0530
Subject: [PATCH] chore: update readme

---
 frappe/integrations/README.md | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/frappe/integrations/README.md b/frappe/integrations/README.md
index 211614e531..864665c25f 100644
--- a/frappe/integrations/README.md
+++ b/frappe/integrations/README.md
@@ -59,4 +59,12 @@ The settings allow toggling the following features:
 - **Dynamic Client Registration**: by toggling the _Enable Dynamic Client Registration_ field.
 - **Resource Server Metadata Discovery**: by toggling the _Show Protected Resource Metadata_.
 
-The remaining fields (in the **Resource Server** section) are used only when responding to requests on `/.well-known/oauth-protected-resource`
+The remaining fields (in the **Resource** section) are used only when responding to requests on `/.well-known/oauth-protected-resource`
+
+> **Regarding Public Clients**
+>
+> Public clients, for example an SPA, have restricted access by default. This
+> restriction is applied by use of CORS.
+>
+> To side-step this restriction for certain trusted clients, you may add their
+> hostnames to the **Allowed Public Client Origins** field.