- From: Boris Zbarsky <bzbarsky@MIT.EDU>
- Date: Mon, 05 May 2014 23:12:18 -0400
- To: public-web-perf@w3.org
Specifically, this step: If the value of Timing-Allow-Origin is not a case-sensitive match for the value of the Origin header [IETF RFC 6454], return fail and terminate this algorithm. says to fail and terminate for any response for which an Origin header was not sent, as far as I can tell. And nothing really defines when an Origin header is sent, except for CORS fetches. I assume the language currently in the spec is not the actual intent, but if so the spec needs to say what it actually means to say here... -Boris
Received on Tuesday, 6 May 2014 03:12:48 UTC