[CORS] Does the Authorization header qualify as a CORS credential? from Vladimir Dzhuvinov on 2014-01-10 (public-webappsec@w3.org from January 2014)

From: Vladimir Dzhuvinov <vladimir@dzhuvinov.com>
Date: Fri, 10 Jan 2014 09:45:18 +0200
To: public-webappsec@w3.org
Message-ID: <1389339918.24111.4.camel@shakespeare>

Hi guys,

I'm the maintainer of the Java CORS Filter library and I'm trying to
resolve an issue [1] with a developer.

When Access-Control-Allow-Credentials is advertised, does it apply to
the Authorization header (basic HTTP auth, OAuth, etc), or is it limited
to brower cookies only?

Cheers,

Vladimir

[1] https://bitbucket.org/thetransactioncompany/cors-filter/issue/16/

-- 
Vladimir Dzhuvinov <vladimir@dzhuvinov.com>

Received on Friday, 10 January 2014 07:45:47 UTC