- From: roryhewitt <notifications@github.com>
- Date: Tue, 22 Mar 2016 09:32:55 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
Received on Tuesday, 22 March 2016 16:33:26 UTC
@craigfrancis, One thing I suspect is that users like to be able to specify `Access-Control-Allow-Origin: *` since it means that they don't need to worry about supplying the **Vary: Origin** header (for correct browser/proxy caching). So maybe in their code, they include a check for Origin, and if it's on their 'safe' list, they respond with: `Access-Control-Allow-Origin: *` rather than `Access-Control-Allow-Origin: http://www.goodguy.com` --- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/251#issuecomment-199892173
Received on Tuesday, 22 March 2016 16:33:26 UTC