- From: Anne van Kesteren <annevk@opera.com>
- Date: Thu, 04 Aug 2011 00:12:46 +0200
- To: public-webapps@w3.org, "Philippe De Ryck" <philippe.deryck@cs.kuleuven.be>
On Wed, 03 Aug 2011 19:43:28 +0200, Philippe De Ryck <philippe.deryck@cs.kuleuven.be> wrote: > CORS-ISOLATION-1.Unique Origins: When run in a document with a globally > unique identifier for an origin, the Origin header specification > requires that null should be sent as the value of the Origin header. The > algorithms listed in the CORS specification do not explicitly take the > null value into account, leading to some unlogical scenarios. It is for > instance valid that a request sends origin null and the server responds > with an Allow-Origin header with the value null. Is that problematic? This is a feature. -- Anne van Kesteren http://annevankesteren.nl/
Received on Wednesday, 3 August 2011 22:13:28 UTC