W3C home > Mailing lists > Public > public-webapps@w3.org > July to September 2010

Re: [cors] Subdomains

From: Anne van Kesteren <annevk@opera.com>
Date: Mon, 26 Jul 2010 08:14:08 +0200
To: public-webapps@w3.org, Christoph Päper <christoph.paeper@crissov.de>
Message-ID: <op.vgfsxuan64w2qv@annevk-t60>
On Sun, 25 Jul 2010 14:25:58 +0200, Christoph Päper  
<christoph.paeper@crissov.de> wrote:
> Maybe I’m missing something, but shouldn’t it be easy to use certain  
> groups of origins in ‘Access-Control-Allow-Origin’, e.g. make either the  
> scheme, the host or the port part irrelevant or only match certain  
> subparts of the host part?

We had something like that long ago, but decided the complexity was not  
worth it. At least not for now. So yes, the Commons server would have to  
implement the appropriate logic. It does not actually have to parse the  
header though, as the draft says it could simply contain a list of origins  
it allows requests from and compare the incoming origin against said list.  
That would probably be safer than to try parsing things manually.

Anne van Kesteren
Received on Monday, 26 July 2010 06:15:07 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:13:10 UTC