- From: Pellerin, Clement <Clement_Pellerin@ibi.com>
- Date: Tue, 16 Apr 2013 14:28:45 -0400
- To: "public-webappsec@w3.org" <public-webappsec@w3.org>
What should the value of the Allow header be in the response to a CORS preflight request? Is the Allow header mandatory, optional, forbidden, ignored? What should a user agent client do when it gets inconsistent information between the Allow header and the Access-Control-Allow-Methods header?
Received on Tuesday, 16 April 2013 18:29:58 UTC