- From: Anne van Kesteren <annevk@opera.com>
- Date: Tue, 15 Dec 2009 13:10:48 +0100
- To: "Jonas Sicking" <jonas@sicking.cc>
- Cc: "Scott Parkerson" <scott.parkerson@gmail.com>, public-webapps@w3.org
On Mon, 14 Dec 2009 11:03:27 +0100, Jonas Sicking <jonas@sicking.cc> wrote: > My recollection from the meeting in seattle was that we did not want > to allow this. > > In any case, it does seem like a very strange feature to me. Sending > > Access-Control-Allow-Origin: null > > would then mean essentially, "allow access to everyone who I don't > know who it is". I can't think of a situation where this makes sense. The use case we discussed was allowing e.g. personalized search results even from things that do not have an origin. (You cannot do that with * because we explicit disallowed credentials there.) -- Anne van Kesteren http://annevankesteren.nl/
Received on Tuesday, 15 December 2009 12:11:32 UTC