W3C home > Mailing lists > Public > public-webapps@w3.org > July to September 2011

Re: CORS Findings

From: Anne van Kesteren <annevk@opera.com>
Date: Mon, 11 Jul 2011 10:31:58 +0200
To: public-webapps@w3.org, "Ashar Javed" <justashar@gmail.com>
Message-ID: <op.vyf4nk0z64w2qv@annevk-macbookpro.local>
On Mon, 11 Jul 2011 01:09:44 +0200, Ashar Javed <justashar@gmail.com>  
wrote:
> 1) Access-Control-Allow-Origin: *.
>
> In the above case I am getting in response *. (dot after *). Is it fine  
> or typo?

Typo, will not work.


> 2) For another website I am getting in response
>
> Access-Control: allow <*>

Old syntax, will not work.


> 3) For Another website
>
> Access-Control-Allow-Oritin: *
>
> Oritin instead of Origin..

Typo, will not work.


> 4) Finally in another case
>
> Access-Control-Allow-Origin: *
> Access-Control-Allow-Methods: GET,POST
> Access-Control-Request-Headers: X-Requested-With, *
>
> If site operator is using * as a value in Access-Control-Request-Headers:
> then the use of "X-Requested-With" makes sense or only * will be fine?

The former, the * will not match any header field name. However, that  
header only makes sense in the preflight request.


-- 
Anne van Kesteren
http://annevankesteren.nl/
Received on Monday, 11 July 2011 08:32:35 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:46 GMT