- From: Christoph Päper <christoph.paeper@crissov.de>
- Date: Mon, 26 Jul 2010 00:34:15 +0200
- To: public-webapps@w3.org
Tab Atkins Jr.: > On Sun, Jul 25, 2010 at 5:25 AM, Christoph Päper >> >> Access-Control-Allow-Origin: http://*.wikipedia.org > > This one might work, but: > >> Access-Control-Allow-Origin: http://example.*, http://example.co.* > > This one won't, because it'll match "example.co.evilsite.com". I included example.co.* to suggest that the asterisk is a placeholder for one level only (also works with IPv4 addresses), but yes, right-side wildcards are probably a worse and less useful idea than left-side ones.
Received on Sunday, 25 July 2010 22:34:50 UTC