- From: Jonas Sicking <jonas@sicking.cc>
- Date: Tue, 15 Dec 2009 14:37:32 -0800
- To: Anne van Kesteren <annevk@opera.com>
- Cc: Scott Parkerson <scott.parkerson@gmail.com>, public-webapps@w3.org
On Tue, Dec 15, 2009 at 4:10 AM, Anne van Kesteren <annevk@opera.com> wrote: > On Mon, 14 Dec 2009 11:03:27 +0100, Jonas Sicking <jonas@sicking.cc> wrote: >> >> My recollection from the meeting in seattle was that we did not want >> to allow this. >> >> In any case, it does seem like a very strange feature to me. Sending >> >> Access-Control-Allow-Origin: null >> >> would then mean essentially, "allow access to everyone who I don't >> know who it is". I can't think of a situation where this makes sense. > > The use case we discussed was allowing e.g. personalized search results even > from things that do not have an origin. (You cannot do that with * because > we explicit disallowed credentials there.) Hmm.. ok, i guess i buy that. / Jonas
Received on Tuesday, 15 December 2009 22:38:32 UTC