Re: [whatwg/fetch] More wildcards in CORS when used without credentials (#298)

Hey Tony,

Yes, the fetch spec on WHATWG (including the CORS headers) supersedes the
W3C spec.

Unfortunately, it appears to be a low priority to get this 'publicized' by,
for instance, updating the W3C spec to make it clear.

Note also that, although the latest fetch spec includes wildcards for the
ACAM, ACAH and ACEH headers, I'm not sure whether these special values are
actually supported by any browsers yet...

Perhaps @annevk can comment?

Rory

On Sep 15, 2016 12:34 PM, "Tony Jin" <notifications@github.com> wrote:

> Also not sure how this all goes together, but I noticed the following two
> don't match:
> https://www.w3.org/TR/cors/#access-control-allow-headers-response-header
> https://fetch.spec.whatwg.org/#http-new-header-syntax
>
> Specifically:
> Access-Control-Allow-Headers: "Access-Control-Allow-Headers" ":" #field-name (in W3)
> Access-Control-Allow-Headers = #field-name-or-wildcard (in Fetch Spec)
>
> As I was writing this I realized the W3 recommendation was published in
> Jan 2014, so I guess we'll have to wait for a newer version to be published?
>
> Does the latest fetch spec's definition of Access-Control-Allow-Headers
> supersede the W3 recommendation?
>


-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/pull/298#issuecomment-247452426

Received on Thursday, 15 September 2016 20:54:27 UTC
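
The difference between the two grammars quoted in this thread, as an added example that is not part of the original messages or of any browser's code: a check of one request header against an Access-Control-Allow-Headers value, where `*` acts as a wildcard only when the request carries no credentials. The function names `parseAllowHeaders` and `headerAllowed` are hypothetical, the sample values are constructed, and the Authorization exception is taken from the current Fetch standard rather than from this thread.

```javascript
// Added example; names and sample values are constructed for illustration.
// RFC 7230 token characters: a field-name is a token, and "*" is a valid token.
const TOKEN = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;

// Parse an Access-Control-Allow-Headers value (#field-name-or-wildcard):
// comma-separated, optional whitespace, empty list elements ignored.
function parseAllowHeaders(value) {
  return value
    .split(",")
    .map((item) => item.trim())
    .filter((item) => item !== "")
    .map((item) => {
      if (!TOKEN.test(item)) {
        throw new SyntaxError("not a field-name or wildcard: " + JSON.stringify(item));
      }
      return item.toLowerCase(); // header names compare case-insensitively
    });
}

// Decide whether one non-safelisted request header passes the preflight check.
// credentialsMode uses the Fetch values "omit", "same-origin", "include".
function headerAllowed(allowValue, requestHeader, credentialsMode) {
  const allowed = parseAllowHeaders(allowValue);
  const name = requestHeader.toLowerCase();
  if (allowed.includes(name)) return true; // explicit listing always matches
  // With credentials, "*" is only the literal header name "*", so no wildcard.
  if (credentialsMode === "include") return false;
  // Later addition to the Fetch standard (not discussed in this thread):
  // Authorization is never covered by "*" and must be listed by name.
  if (name === "authorization") return false;
  return allowed.includes("*");
}

// Constructed cases: [header value, request header, credentials mode]
const cases = [
  ["*", "X-Custom", "omit"],
  ["*", "X-Custom", "include"],
  ["*", "Authorization", "omit"],
  ["Content-Type, X-Custom", "x-custom", "include"],
];
for (const [value, header, mode] of cases) {
  console.log(JSON.stringify(value), header, mode, "->", headerAllowed(value, header, mode));
}
```

Because `*` is itself a valid field-name token, a parser written for the older `#field-name` grammar accepts it without error and simply treats it as a header literally named `*`.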