W3C home > Mailing lists > Public > public-webappsec@w3.org > January 2014

[CORS] Does the Authorization header qualify as a CORS credential?

From: Vladimir Dzhuvinov <vladimir@dzhuvinov.com>
Date: Fri, 10 Jan 2014 09:45:18 +0200
Message-ID: <1389339918.24111.4.camel@shakespeare>
To: public-webappsec@w3.org
Hi guys,

I'm the maintainer of the Java CORS Filter library and I'm trying to
resolve an issue [1] with a developer.

When Access-Control-Allow-Credentials is advertised, does it apply to
the Authorization header (basic HTTP auth, OAuth, etc), or is it limited
to brower cookies only?

Cheers,

Vladimir

[1] https://bitbucket.org/thetransactioncompany/cors-filter/issue/16/

-- 
Vladimir Dzhuvinov <vladimir@dzhuvinov.com>
Received on Friday, 10 January 2014 07:45:47 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:04 UTC