- From: Ian Hickson <ian@hixie.ch>
- Date: Tue, 22 Jan 2008 19:58:10 +0000 (UTC)
- To: Anne van Kesteren <annevk@opera.com>
- Cc: Mark Nottingham <mnot@yahoo-inc.com>, "WAF WG (public)" <public-appformats@w3.org>
On Tue, 22 Jan 2008, Anne van Kesteren wrote: > > > > Access-Control: allow <example.com> method GET > > Access-Control: POST > > Access-Control: PUT, DELETE, deny <example.org> method POST > > Access-Control: GET > > > > Will clients be able to parse this correctly? Please don't repeat the > > mistakes of the Set-Cookie header; this is very bad practice. It would > > be better to leverage existing syntax from other headers; e.g., > > > > Access-Control: allow="example.com"; method="GET POST PUT DELETE", > > deny="example.org"; method="POST GET" > > Good point. Is the rest of the WG ok with changing this? Jonas? Oops, I missed that when I read the spec. I recommend just changing the #Method from being comma-separated to being space-separated, as in: Access-Control: allow <example.com> method GET PUT -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Tuesday, 22 January 2008 19:58:23 UTC