- From: Anne van Kesteren <notifications@github.com>
- Date: Fri, 19 Jul 2019 02:21:59 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Friday, 19 July 2019 09:22:21 UTC
That syntax was not for what you think it was for. If a user agent made a request and that request went via multiple cross-origin redirects, the user agent could list all the origins in the `Origin` header with that syntax. And the response to that request would have to echo the exact value. However, all user agents decided to treat that as `null` instead as "stack" inspection was deemed insecure. There never was a feature to allow requests from multiple origins with a single static value (other than `*`). So, to answer your questions: 1. It was never implemented. 2. They return an error because it doesn't match the `Origin` header of the request. 3. Because space-separated meant something else and more importantly comma-separated is the standard syntax for multi-value HTTP headers. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/890#issuecomment-513159620
Received on Friday, 19 July 2019 09:22:21 UTC