Re: [fetch] Allow * for Access-Control-Allow-Headers and Access-Control-Allow-Methods (#251) from Takeshi Yoshino on 2016-03-28 (public-webapps-github@w3.org from March 2016)

From: Takeshi Yoshino <notifications@github.com>
Date: Mon, 28 Mar 2016 01:43:00 -0700
To: whatwg/fetch <fetch@noreply.github.com>
Message-ID: <whatwg/fetch/issues/251/202304702@github.com>

I'm fine with allowing the wildcarded ACAH and/or wildcarded ACAM for non-credentialed requests.

The client would recall and iterates on the headers it has sent to create new entries (or updating expiration of) instead of iterating on the result of parsing ACAH / ACAM which is done when they're not wildcarded?

----

>  set up measurements and find out to figure out how much CORS credentialed requests there are vs non-credentialed.

We can measure the ratio between w/ credentials vs w/o credentials, but no idea for studying how many of them are mis-configured.

---
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/251#issuecomment-202304702

Received on Monday, 28 March 2016 08:43:29 UTC