On Thu, Jan 9, 2014 at 1:19 PM, Anne van Kesteren <annevk@annevk.nl> wrote:
> On Thu, Jan 9, 2014 at 8:16 AM, Mike West <mkwst@google.com> wrote:
>> Relying on CORS assumes that any sensitive data that should be available
>> cross-origin would have appropriate headers applied to any response.
>
> It's more complicated as you need to vary the CORS headers based on
> the request ("*" no longer works), but that is typically the case for
> sensitive data already.

I should have elaborated a bit. What I meant is that typically
sensitive data already varies based on the request due to it varying
based on credentials.

--
http://annevankesteren.nl/

Received on Thursday, 9 January 2014 13:21:16 UTC
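
The point made in this message, as an added example that is not part of the original e-mail: for a credentialed response the server cannot answer with `Access-Control-Allow-Origin: *`, so it has to compute the CORS headers from the request's `Origin` and mark the response as varying on it. The allowlist, origins and function name are constructed for illustration.

```javascript
// Constructed allowlist of origins permitted to read credentialed
// responses (an assumption for this example).
const ALLOWED_ORIGINS = new Set([
  "https://app.example.com",
  "https://admin.example.com",
]);

// Build the CORS response headers for one request.
//   originHeader: value of the request's Origin header, or undefined
//   credentialed: true when the response body depends on cookies/HTTP auth
function corsHeadersFor(originHeader, credentialed) {
  const headers = {};

  if (!credentialed) {
    // Public data: the wildcard is acceptable because browsers only
    // honour it for requests made without credentials.
    headers["Access-Control-Allow-Origin"] = "*";
    return headers;
  }

  // The headers below depend on the request's Origin, so shared caches
  // must not reuse this response for a different origin.
  headers["Vary"] = "Origin";

  // Exact-match comparison against the allowlist; no prefix, suffix or
  // regex matching, and no blind reflection of whatever Origin was sent.
  if (originHeader !== undefined && ALLOWED_ORIGINS.has(originHeader)) {
    headers["Access-Control-Allow-Origin"] = originHeader;
    headers["Access-Control-Allow-Credentials"] = "true";
  }
  // Unlisted origin: no Allow-Origin header, so the browser withholds
  // the response from the calling script.
  return headers;
}

// Constructed sample requests.
const samples = [
  ["https://app.example.com", true],
  ["https://other.example", true],
  ["https://other.example", false],
];
for (const [origin, credentialed] of samples) {
  console.log(origin, credentialed, corsHeadersFor(origin, credentialed));
}
```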