- From: Vladimir Dzhuvinov <vladimir@dzhuvinov.com>
- Date: Mon, 09 Jan 2012 14:17:50 +0000
- To: Anne van Kesteren <annevk@opera.com>
- Cc: public-webapps@w3.org
On Sat, 2011-12-17 at 16:10 +0100, Anne van Kesteren wrote:
> On Fri, 29 Jul 2011 14:25:07 +0200, Vladimir Dzhuvinov
> <vladimir@dzhuvinov.com> wrote:
> > Regarding "6. Resource processing model": [item 3] "A list of headers
> > consisting of zero or more header field names that are supported by
> > the resource.":
> >
> > Is this list supposed to be
> >
> > 1) of the non-simple headers only - as per
> > http://dev.w3.org/2006/waf/access-control/#simple-header or
> >
> > 2) of all supported headers that the author may choose to set,
> > including those that qualify as simple?
> >
> > Because right now the Java CORS filter expects to receive only
> > non-simple headers in "Access-Control-Request-Headers", and if for
> > some reason the browser has decided to include a simple header, e.g.
> > "Accept", in the preflight request it won't be allowed to proceed.
>
> My apologies for forgetting to reply to this message. Fortunately it was
> still somewhere in my inbox! It seems your Java CORS filter has a bug as
> simple headers can be included there (for consistency).

This and a few other issues with the CORS Filter were sorted out last year
thanks to user feedback and patches.

Happy new year, Anne!

--
Vladimir Dzhuvinov :: vladimir@dzhuvinov.com

Received on Monday, 9 January 2012 15:18:44 UTC
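
The preflight behaviour discussed in this message, as an added example that is not code from the CORS Filter project or from either author: a strict check that rejects any `Access-Control-Request-Headers` name outside the supported list, next to a tolerant check that lets simple headers through. The class and method names, the supported-header list and the sample values are hypothetical and constructed for illustration.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.Set;

public class PreflightHeaderCheck {
    // Names that are simple headers whatever their value. Content-Type is simple
    // only for certain values, which a preflight does not carry, so this sketch
    // (an assumption) requires it to be in the supported list.
    static final Set<String> SIMPLE = Set.of("accept", "accept-language", "content-language");

    // Split an Access-Control-Request-Headers value into lower-cased field names.
    static List<String> parse(String value) {
        List<String> names = new ArrayList<>();
        if (value == null) return names;
        for (String part : value.split(",")) {
            String name = part.trim().toLowerCase(Locale.ROOT);
            if (!name.isEmpty()) names.add(name);
        }
        return names;
    }

    // Strict check: every requested name must be in the supported list, so a
    // browser that also lists "Accept" gets its preflight refused.
    static boolean strictCheck(String requested, Set<String> supported) {
        return supported.containsAll(parse(requested));
    }

    // Tolerant check: simple headers are accepted without being listed; any
    // other name must still match the supported list (case-insensitively).
    static boolean tolerantCheck(String requested, Set<String> supported) {
        for (String name : parse(requested)) {
            if (!SIMPLE.contains(name) && !supported.contains(name)) return false;
        }
        return true;
    }

    public static void main(String[] args) {
        // Constructed server configuration and request values.
        Set<String> supported = Set.of("x-requested-with", "content-type");
        String[] samples = {"X-Requested-With", "Accept, X-Requested-With",
                            "accept-language,Content-Type", "X-Custom, Accept"};
        for (String s : samples) {
            System.out.printf("%-32s strict=%-5b tolerant=%b%n",
                    s, strictCheck(s, supported), tolerantCheck(s, supported));
        }
    }
}
```

The tolerant check only widens acceptance to simple headers, so a request naming an unlisted non-simple header such as the constructed `X-Custom` is still refused.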