Re: CORS and 304

On 12/4/13 6:08 AM, Jonas Sicking wrote:
> Same as for other types of redirects.
>
> If we follow a redirect without checking cors headers first, that leaks
> information. Who knows if that information is sensitive or not.

304 is only sort of a redirect.  At best it's a redirect-to-cache.  It 
just says "use your cached version; the resource hasn't changed".

-Boris

Received on Wednesday, 4 December 2013 14:19:08 UTC