W3C home > Mailing lists > Public > public-webapps@w3.org > July to September 2010

Re: [cors] Subdomains

From: Christoph Päper <christoph.paeper@crissov.de>
Date: Mon, 26 Jul 2010 00:34:15 +0200
Message-Id: <6EB75C4D-74F2-46EB-A09E-7B5EA8EAA66E@crissov.de>
To: public-webapps@w3.org
Tab Atkins Jr.:
> On Sun, Jul 25, 2010 at 5:25 AM, Christoph Päper
>> 
>>  Access-Control-Allow-Origin: http://*.wikipedia.org
> 
> This one might work, but:
> 
>>  Access-Control-Allow-Origin: http://example.*, http://example.co.*
> 
> This one won't, because it'll match "example.co.evilsite.com".

I included example.co.* to suggest that the asterisk is a placeholder for one level only (also works with IPv4 addresses), but yes, right-side wildcards are probably a worse and less useful idea than left-side ones.
Received on Sunday, 25 July 2010 22:34:50 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:40 GMT