- From: Anne van Kesteren <annevk@opera.com>
- Date: Fri, 01 Jul 2011 10:41:00 +0200
- To: "public-webapps@w3.org" <public-webapps@w3.org>, "Ashar Javed" <ashar.javed@tu-harburg.de>
- Cc: michael.hausenblas@deri.org

On Fri, 01 Jul 2011 09:48:43 +0200, Ashar Javed <ashar.javed@tu-harburg.de> wrote:
> If a server is returning (Access-Control-Allow-Origin: *) without
> setting the Origin header in HTTP request then can we say that server is
> not implementing CORS properly?
>
> With the help of http://web-sniffer.net/, I randomly checked sites (home
> pages only) for CORS and nearly 200 sites are returning
> (Access-Control-Allow-Origin: *).

Doing that seems fine. The specification cannot really forbid that.

--
Anne van Kesteren
http://annevankesteren.nl/

Received on Friday, 1 July 2011 08:41:53 UTC