Re: [whatwg/fetch] No documentation on how a server must response to a wrong CORS-headers-request. (#1102) from Ross A. Baker on 2021-10-04 (public-webapps-github@w3.org from October 2021)

From: Ross A. Baker <notifications@github.com>
Date: Mon, 04 Oct 2021 08:08:34 -0700
To: whatwg/fetch <fetch@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/fetch/issues/1102/933579129@github.com>

I have the same question and did a [survey of various server implementations](https://github.com/http4s/http4s/issues/5322#issuecomment-933547345).  The prior [W3C spec](https://www.w3.org/TR/2020/SPSD-cors-20200602/#resource-preflight-requests) was more prescriptive on the server side.  I'm curious whether the Fetch API Spec is looser because those rules were deemed too prescriptive, or because that spec is just more focused on the client.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/1102#issuecomment-933579129

Received on Monday, 4 October 2021 15:08:46 UTC