Re: [cors] Subdomains

Tab Atkins Jr.:
> On Sun, Jul 25, 2010 at 5:25 AM, Christoph Päper
>> 
>>  Access-Control-Allow-Origin: http://*.wikipedia.org
> 
> This one might work, but:
> 
>>  Access-Control-Allow-Origin: http://example.*, http://example.co.*
> 
> This one won't, because it'll match "example.co.evilsite.com".

I included example.co.* to suggest that the asterisk is a placeholder for one level only (also works with IPv4 addresses), but yes, right-side wildcards are probably a worse and less useful idea than left-side ones.

Received on Sunday, 25 July 2010 22:34:50 UTC