- From: Boris Zbarsky <bzbarsky@MIT.EDU>
- Date: Tue, 25 Sep 2012 14:21:22 -0400
- To: Toni Ruottu <toni.ruottu@iki.fi>
- CC: "gopal.raghavan@nokia.com" <gopal.raghavan@nokia.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
On 9/25/12 2:15 PM, Toni Ruottu wrote: > What is the expected behaviour? Of browsers, or the server? The expected behavior of a server that wants to allow the main request is to reply to the preflight with relevant Access-Control-Allow-Origin headers and such. The expected behavior of browsers when a server does not do that is to not do the main request. Which is what they're doing. -Boris
Received on Tuesday, 25 September 2012 18:21:53 UTC