- From: Conrad Irwin <conrad.irwin@gmail.com>
- Date: Sat, 24 Sep 2011 15:50:58 -0700
- To: public-webapps@w3.org
Hi all, Is there a reason that Javascript cannot read the Access-Control-* headers in CORS? In particular I was trying to work around a bug in Firefox [1] that means that .getAllResponseHeaders() doesn't get all response headers for CORS requests. It seems that the nicest way to do this would just be to iterate over the list of simple-response-headers, and the contents of the Access-Control-Expose-Headers header. Unfortunately, I'm not able to read the Access-Control-Expose-Headers header, because it was not exposed in the Access-Control-Expose-Headers header :). In general it seems like a useful introspection mechanism — it would allow applications to distinguish between "this header was not set" and "I am not allowed to read this header". It also seems that it would be useful to be able to read the Access-Control-Allow-Headers, and Access-Control-Allow-Methods headers so that the javascript application can adjust its feature set based on what the server will allow. Conrad [1] https://bugzilla.mozilla.org/show_bug.cgi?id=608735
Received on Sunday, 25 September 2011 13:18:05 UTC