- From: Karl Dubost <karl@la-grange.net>
- Date: Wed, 4 Dec 2013 10:59:02 -0500
- To: Anne van Kesteren <annevk@annevk.nl>
- Cc: Jonas Sicking <jonas@sicking.cc>, Mark Nottingham <mnot@mnot.net>, Julian Reschke <julian.reschke@gmx.de>, Odin Hørthe Omdal <odinho@opera.com>, WebAppSec WG <public-webappsec@w3.org>, Adam Barth <w3c@adambarth.com>
So clochix, who reported the issue, recreated a test case. http://cors2.clochix.net/ * First button creates a cross origin request and returns a 200. * Second button creates a cross origin request Response is 304, Apache removes CORS headers browser sends an error (Firefox 25+, Chromium 31) * 3 and 4 same requests for same domain (aka no CORS) (hope it helps to understand) -- Karl Dubost http://www.la-grange.net/karl/
Received on Wednesday, 4 December 2013 16:00:11 UTC