- From: Anne van Kesteren <annevk@opera.com>
- Date: Mon, 11 Jul 2011 10:31:58 +0200
- To: public-webapps@w3.org, "Ashar Javed" <justashar@gmail.com>
On Mon, 11 Jul 2011 01:09:44 +0200, Ashar Javed <justashar@gmail.com> wrote: > 1) Access-Control-Allow-Origin: *. > > In the above case I am getting in response *. (dot after *). Is it fine > or typo? Typo, will not work. > 2) For another website I am getting in response > > Access-Control: allow <*> Old syntax, will not work. > 3) For Another website > > Access-Control-Allow-Oritin: * > > Oritin instead of Origin.. Typo, will not work. > 4) Finally in another case > > Access-Control-Allow-Origin: * > Access-Control-Allow-Methods: GET,POST > Access-Control-Request-Headers: X-Requested-With, * > > If site operator is using * as a value in Access-Control-Request-Headers: > then the use of "X-Requested-With" makes sense or only * will be fine? The former, the * will not match any header field name. However, that header only makes sense in the preflight request. -- Anne van Kesteren http://annevankesteren.nl/
Received on Monday, 11 July 2011 08:32:35 UTC