Re: [cors] Two minor processing issues

On Wed, 03 Aug 2011 19:43:28 +0200, Philippe De Ryck  
<> wrote:
> CORS-ISOLATION-1.Unique Origins: When run in a document with a globally
> unique identifier for an origin, the Origin header specification
> requires that null should be sent as the value of the Origin header. The
> algorithms listed in the CORS specification do not explicitly take the
> null value into account, leading to some unlogical scenarios. It is for
> instance valid that a request sends origin null and the server responds
> with an Allow-Origin header with the value null.

Is that problematic? This is a feature.

Anne van Kesteren

Received on Wednesday, 3 August 2011 22:13:28 UTC