Re: [cors] 7.2 seems to make * unusable from Boris Zbarsky on 2011-12-04 (public-webapps@w3.org from October to December 2011)

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Sat, 03 Dec 2011 20:38:37 -0500
To: public-webapps@w3.org
Message-ID: <4EDACF1D.3000209@mit.edu>

On 12/3/11 7:55 PM, Benson Margulies wrote:
> 7.2.2 says that if the response is "*" and credentials are off, we
> fail.

The text I'm looking at right now is:

   If the Access-Control-Allow-Origin header value is the literal "*"
   character and the credentials flag is false return pass and terminate
   this algorithm.

The key part being "return pass", no?

-Boris

Received on Sunday, 4 December 2011 01:39:05 UTC