
Re: [CORS] Does the Authorization header qualify as a CORS credential?

From: Anne van Kesteren <annevk@annevk.nl>
Date: Fri, 10 Jan 2014 15:56:27 +0000
Message-ID: <CADnb78joMJY=S3UCAmH3W08r2HcX75fZXSNDX-eW03KKt83TfA@mail.gmail.com>
To: "Eduardo' Vela" <evn@google.com>
Cc: Vladimir Dzhuvinov <vladimir@dzhuvinov.com>, WebAppSec WG <public-webappsec@w3.org>, Jonas Sicking <jonas@sicking.cc>

On Fri, Jan 10, 2014 at 3:47 PM, Eduardo' Vela" <Nava> <evn@google.com> wrote:
> Worth noting it doesn't apply for SSL-level cert auth.

So according to Jonas it does apply to client certificates. See this
thread: http://lists.w3.org/Archives/Public/public-webapps/2013AprJun/thread.html#msg487
Standards are behind here, mostly due to it not having been explained
in sufficient detail yet what exactly is going on.

Received on Friday, 10 January 2014 15:56:58 UTC
