- From: Anne van Kesteren <notifications@github.com>
- Date: Fri, 25 Aug 2017 10:51:48 +0000 (UTC)
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Friday, 25 August 2017 10:52:16 UTC
Idea: 1. We change the syntax and remove `/ wildcard`. It's not needed as it's already part of `field-name`. 2. For requests without credentials we interpret `-Expose-Headers`, `-Allow-Methods`, `-Allow-Headers` containing a wildcard as meaning ALL. For requests with credentials we interpret a wildcard as a literal, the name of a header or method. So basically `*` gets special meaning for requests without credentials, which is what we wanted, but we don't go out of our way to make using `*` impossible. The only scenario where you'd be out of luck is if for requests without credentials you only want to expose or allow a header/method named `*`. The only alternative is using `separators`, such as `@` or `<*>`, but the downside of that would be that it's inconsistent with `-Allow-Origin`, which already uses `*`. @yutakahirano are you okay with the idea? Would be nice to unblock this and get this feature implemented. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/548#issuecomment-324886102
Received on Friday, 25 August 2017 10:52:16 UTC