CORS and 304

Karl discovered a bug in the CORS protocol. We do not specify what
happens for a 304 response that does not have CORS headers. If we
follow the logic from redirects, we ought to require CORS headers in
that scenario.

Firefox does this. Chrome does not.

I want to nail this down in the 304 bit of
http://fetch.spec.whatwg.org/ at some point. I thought I'd raise it
here to see what people think.


-- 
http://annevankesteren.nl/

Received on Monday, 25 November 2013 16:34:52 UTC
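
The disagreement described in the message above, as an added example (not part of the original message, and not code from any browser or from the Fetch specification). It is a simplified model of the CORS check applied to a 304 revalidation; the function names, policy labels and sample headers are constructed, and the 'stored-only' branch is an assumption about what a client that does not require CORS headers on a 304 would do.

```javascript
// Simplified model of the CORS check. Header maps use lowercase names.
function corsCheck(headers, requestOrigin, withCredentials) {
  const allowOrigin = headers['access-control-allow-origin'];
  if (allowOrigin === undefined) return false;            // no CORS headers at all
  if (!withCredentials && allowOrigin === '*') return true;
  if (allowOrigin !== requestOrigin) return false;
  if (!withCredentials) return true;
  return headers['access-control-allow-credentials'] === 'true';
}

// policy 'require-on-304': the 304 itself must pass the CORS check,
//   following the logic used for redirects.
// policy 'stored-only' (assumed): the 304 is not checked on its own; only the
//   stored headers, updated with whatever the 304 carries, are checked.
function revalidate(stored, response, requestOrigin, withCredentials, policy) {
  if (response.status !== 304) {
    return corsCheck(response.headers, requestOrigin, withCredentials)
      ? 'allow-fresh' : 'network-error';
  }
  if (policy === 'require-on-304' &&
      !corsCheck(response.headers, requestOrigin, withCredentials)) {
    return 'network-error';
  }
  // A 304 updates the stored response's headers with the ones it carries.
  const merged = Object.assign({}, stored.headers, response.headers);
  return corsCheck(merged, requestOrigin, withCredentials)
    ? 'allow-cached' : 'network-error';
}

// Constructed sample data.
const ORIGIN = 'https://app.example';
const stored = { headers: { 'access-control-allow-origin': '*', etag: '"v1"' } };
const bare304 = { status: 304, headers: { etag: '"v1"' } };
const cors304 = { status: 304,
  headers: { etag: '"v1"', 'access-control-allow-origin': ORIGIN } };

// The two policies disagree only when the 304 carries no CORS headers.
function compare(response, withCredentials) {
  return ['require-on-304', 'stored-only'].map(
    (policy) => revalidate(stored, response, ORIGIN, withCredentials, policy));
}

console.log(compare(bare304, false)); // 304 without CORS headers
console.log(compare(cors304, false)); // 304 that repeats the CORS headers
```

For a server operator the practical consequence of the model is that sending the same CORS headers on 304 responses as on the corresponding 200 gives the same result under both policies.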