Re: [fetch] Update Access-Control-Allow-Headers CORS response header to allow * (allow-all) (#251) from Anne van Kesteren on 2016-03-21 (public-webapps-github@w3.org from March 2016)

From: Anne van Kesteren <notifications@github.com>
Date: Mon, 21 Mar 2016 01:12:25 -0700
To: whatwg/fetch <fetch@noreply.github.com>
Message-ID: <whatwg/fetch/issues/251/199166984@github.com>

@craigfrancis @mozfreddyb if you use credentials you need to include another header too, so that example wouldn't magically pass the CORS check unless you also included that other header.

@roryhewitt do use credentials with CORS? FWIW, I don't really disagree with your position, but as I mentioned elsewhere I'm not really the gatekeeper here. As for reference implementations, I'm not sure we have the bandwidth to maintain that, or are you volunteering? I'm personally also a little wary of writing both the specification and implementation as that leads to tunnel vision issues.

---
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/251#issuecomment-199166984

Received on Monday, 21 March 2016 08:12:52 UTC