Re: CORS test status from Toni Ruottu on 2012-09-25 (public-webappsec@w3.org from September 2012)

From: Toni Ruottu <toni.ruottu@iki.fi>
Date: Tue, 25 Sep 2012 21:15:34 +0300
To: Boris Zbarsky <bzbarsky@mit.edu>
Cc: "gopal.raghavan@nokia.com" <gopal.raghavan@nokia.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <CA+F4AWq70tC-eyG=PSx7xmWLta2C5PVb+5W8Qsv=uXKr-M0=Kw@mail.gmail.com>

What is the expected behaviour?

On Tuesday, 25 September 2012, Boris Zbarsky wrote:

> On 9/25/12 1:35 PM, gopal.raghavan@nokia.com wrote:
>
>> You can run all the CORS testes using testRunner.
>>
>> http://w3c-test.org/webappsec/**tests/testRunner/<http://w3c-test.org/webappsec/tests/testRunner/>
>>
>
> I see every browser fail every test in http://w3c-test.org/webappsec/**
> tests/cors/submitted/opera/js/**status-preflight.htm<http://w3c-test.org/webappsec/tests/cors/submitted/opera/js/status-preflight.htm>
>
> And as far as I can tell, that's because the response to the preflight has
> no Access-Control-* headers at all.  So the preflight fails.
>
> -Boris
>
>

Received on Tuesday, 25 September 2012 18:16:02 UTC