- From: Anne van Kesteren <annevk@opera.com>
- Date: Mon, 26 Jul 2010 08:14:08 +0200
- To: public-webapps@w3.org, Christoph Päper <christoph.paeper@crissov.de>
On Sun, 25 Jul 2010 14:25:58 +0200, Christoph Päper <christoph.paeper@crissov.de> wrote: > Maybe I’m missing something, but shouldn’t it be easy to use certain > groups of origins in ‘Access-Control-Allow-Origin’, e.g. make either the > scheme, the host or the port part irrelevant or only match certain > subparts of the host part? We had something like that long ago, but decided the complexity was not worth it. At least not for now. So yes, the Commons server would have to implement the appropriate logic. It does not actually have to parse the header though, as the draft says it could simply contain a list of origins it allows requests from and compare the incoming origin against said list. That would probably be safer than to try parsing things manually. -- Anne van Kesteren http://annevankesteren.nl/
Received on Monday, 26 July 2010 06:15:07 UTC