Re: CORS performance proposal

On 8 June 2015 at 21:30, Nottingham, Mark <mnotting@akamai.com> wrote:
> A header denoting site-wide metadata would work for this too, of course, if folks were comfortable with the security properties of doing that (as well as the potential response overhead).


The security properties bother me a little.  Alt-Svc is showing us
that we can't just define a header field like that without some
serious analysis.

Received on Tuesday, 9 June 2015 04:43:22 UTC