W3C home > Mailing lists > Public > public-webappsec@w3.org > April 2013

Re: CORS Allow header in preflight response

From: Anne van Kesteren <annevk@annevk.nl>
Date: Tue, 16 Apr 2013 19:33:18 +0100
Message-ID: <CADnb78gGXO4mAaRC_m8soY+O9daNUjJhBVopQBfMBXT6+vz_9w@mail.gmail.com>
To: "Pellerin, Clement" <Clement_Pellerin@ibi.com>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
On Tue, Apr 16, 2013 at 7:28 PM, Pellerin, Clement
<Clement_Pellerin@ibi.com> wrote:
> What should the value of the Allow header be in the response to a CORS preflight request?
> Is the Allow header mandatory, optional, forbidden, ignored?


> What should a user agent client do when it gets inconsistent information between the Allow header and the Access-Control-Allow-Methods header?

Does not matter.

Received on Tuesday, 16 April 2013 18:33:45 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:32 UTC