- From: Jxck <notifications@github.com>
- Date: Thu, 18 Jul 2019 15:50:45 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Thursday, 18 July 2019 22:51:13 UTC
@annevk few more questions. old cors spec seems allow 'origin-list-or-null' for A-C-A-O. and its space separated list of serialized origins. https://www.w3.org/TR/cors/#access-control-allow-origin-response-header 1, why this isn't imported to fetch spec now? 2, current browser return [error for multiple origins](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSMultipleAllowOriginNotAllowed) , so it seems browser can parse them and deny. so I thought there are security consideration for multiple origins rather than parse model error. but if parse model standardized, this is not considered error anymore? 3, why you prefer comma separated rather than space separated style in old-cors spec in your 3rd choice? -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/890#issuecomment-513021136
Received on Thursday, 18 July 2019 22:51:13 UTC