Re: [whatwg/fetch] More wildcards in CORS when used without credentials (#298)

>  Access-Control-Max-Age           = <a class="external" data-anolis-spec="http-caching" href="https://tools.ietf.org/html/rfc7234#section-1.2.1">delta-seconds</a>
> -Access-Control-Allow-Methods     = #<a class="external" data-anolis-spec="http" href="https://tools.ietf.org/html/rfc7230#section-3.1.1">method</a>
> -Access-Control-Allow-Headers     = #<a class="external" data-anolis-spec="http" href="https://tools.ietf.org/html/rfc7230#section-3.2">field-name</a></pre>
> +Access-Control-Allow-Methods     = #<a class="external" data-anolis-spec="http" href="https://tools.ietf.org/html/rfc7230#section-3.1.1">method</a> / wildcard
> +Access-Control-Allow-Headers     = #field-name-or-wildcard</pre>
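
Review bot: The two added productions place the wildcard differently, and that changes which values parse. On the Access-Control-Allow-Methods line, `#method / wildcard` reads as either a list of methods or a lone wildcard, because the list operator binds tighter than `/`. On the Access-Control-Allow-Headers line, `#field-name-or-wildcard` puts the wildcard inside the list element, so a value mixing `*` with named headers could match, depending on the definition of field-name-or-wildcard, which is not visible in this hunk. If mixing is not intended, write the headers rule the same way as the methods rule (`#field-name / wildcard`). If it is intended, the processing text should state what a `*` listed next to explicit names means. The added headers line also drops the RFC 7230 section 3.2 link that the removed line carried for field-name.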

ah, is this intended to allow putting * and Authorization together?

---
View it on GitHub:
https://github.com/whatwg/fetch/pull/298/files/0d6f5f2a0fadbe7b99ad6d21ab908eecd1db7d1f#r62298357

Received on Friday, 6 May 2016 07:51:26 UTC