Re: [cors] Subdomains

On Sun, 25 Jul 2010 14:25:58 +0200, Christoph Päper  
<christoph.paeper@crissov.de> wrote:
> Maybe I’m missing something, but shouldn’t it be easy to use certain  
> groups of origins in ‘Access-Control-Allow-Origin’, e.g. make either the  
> scheme, the host or the port part irrelevant or only match certain  
> subparts of the host part?

We had something like that long ago, but decided the complexity was not  
worth it. At least not for now. So yes, the Commons server would have to  
implement the appropriate logic. It does not actually have to parse the  
header though, as the draft says it could simply contain a list of origins  
it allows requests from and compare the incoming origin against said list.  
That would probably be safer than to try parsing things manually.


-- 
Anne van Kesteren
http://annevankesteren.nl/

Received on Monday, 26 July 2010 06:15:07 UTC