W3C home > Mailing lists > Public > public-webappsec@w3.org > September 2012

Re: CORS test status

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Tue, 25 Sep 2012 14:21:22 -0400
Message-ID: <5061F622.2010006@mit.edu>
To: Toni Ruottu <toni.ruottu@iki.fi>
CC: "gopal.raghavan@nokia.com" <gopal.raghavan@nokia.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
On 9/25/12 2:15 PM, Toni Ruottu wrote:
> What is the expected behaviour?

Of browsers, or the server?

The expected behavior of a server that wants to allow the main request 
is to reply to the preflight with relevant Access-Control-Allow-Origin 
headers and such.

The expected behavior of browsers when a server does not do that is to 
not do the main request.  Which is what they're doing.

-Boris
Received on Tuesday, 25 September 2012 18:21:53 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 25 September 2012 18:21:53 GMT