W3C home > Mailing lists > Public > public-webappsec@w3.org > April 2013

CORS Allow header in preflight response

From: Pellerin, Clement <Clement_Pellerin@ibi.com>
Date: Tue, 16 Apr 2013 14:28:45 -0400
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <9892EC6224DBC54598164D1F77721D7572AED5C38C@IBIUSMBSB.ibi.com>
What should the value of the Allow header be in the response to a CORS preflight request?
Is the Allow header mandatory, optional, forbidden, ignored?

What should a user agent client do when it gets inconsistent information between the Allow header and the Access-Control-Allow-Methods header?
Received on Tuesday, 16 April 2013 18:29:58 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:32 UTC