[fetch] Update Access-Control-Allow-Headers CORS response header to allow * (allow-all) (#251) from roryhewitt on 2016-03-18 (public-webapps-github@w3.org from March 2016)

From: roryhewitt <notifications@github.com>
Date: Thu, 17 Mar 2016 18:09:36 -0700
To: whatwg/fetch <fetch@noreply.github.com>
Message-ID: <whatwg/fetch/issues/251@github.com>

This has almost certainly been discussed before, but would it be possible to allow * (allow-all) as a separate value for the **Access-Control-Allow-Headers** CORS response header?

This would allow _all_ non-simple headers passed in the request to be added to the browser's preflight cache. This si currently possible by simply mirroring back the value of the **Access-Control-Request-Headers** request header, but this would be much simpler. The browser would need to track the request headers passed and add them all to their preflight cache (rather than simply parse them out from the **Access-Control-Allow-Headers** response header, assuming that's what they currently do), but that's not too hard to do.

So the spec would become the following:

Access-Control-Allow-Headers = "Access-Control-Allow-Headers" ":" #field-name | "*"

---
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/251

Received on Friday, 18 March 2016 01:10:08 UTC