Re: CORS Allow header in preflight response from Anne van Kesteren on 2013-04-22 (public-webappsec@w3.org from April 2013)

From: Anne van Kesteren <annevk@annevk.nl>
Date: Mon, 22 Apr 2013 11:56:13 +0100
To: "Pellerin, Clement" <Clement_Pellerin@ibi.com>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <CADnb78hq-rAHdF7yvm+3E33AxZ8v-9nb1vUn1unb8F++5CZbFA@mail.gmail.com>

On Tue, Apr 16, 2013 at 8:30 PM, Pellerin, Clement
<Clement_Pellerin@ibi.com> wrote:
>> On Tue, Apr 16, 2013 at 7:58 PM, Anne van Kesteren wrote:
>> > What should the value of the Allow header be in the response to a CORS preflight request?
>> > Is the Allow header mandatory, optional, forbidden, ignored?
>>
>> Ignored.
>
> Should this be mentioned explicitly in the specification, at least in a non-normative way?

I filed https://www.w3.org/Bugs/Public/show_bug.cgi?id=21764 on
http://fetch.spec.whatwg.org/ which will replace CORS in due course to
consider this.


--
http://annevankesteren.nl/

Received on Monday, 22 April 2013 10:56:40 UTC