- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Wed, 8 Apr 2015 07:09:27 +0200
- To: Mark Nottingham <mnot@mnot.net>
- Cc: Odin Hørthe Omdal <odinho@opera.com>, WebAppSec WG <public-webappsec@w3.org>
On Wed, Apr 8, 2015 at 7:02 AM, Mark Nottingham <mnot@mnot.net> wrote: > Yeah — but just as far as ACEH is concerned. Might also be interesting to check that if you include a new ACAO header it then does fail. Or the even sillier edge case of doing a credentialed fetch and having the 304 add ACAC (requires the original response to use an origin, not *). -- https://annevankesteren.nl/
Received on Wednesday, 8 April 2015 05:09:51 UTC