- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Mon, 2 Jun 2014 10:55:16 +0200
- To: WebAppSec WG <public-webappsec@w3.org>
- Cc: Jonas Sicking <jonas@sicking.cc>, Adam Barth <w3c@adambarth.com>, Maciej Stachowiak <mjs@apple.com>, Travis Leithead <Travis.Leithead@microsoft.com>
Allowing Access-Control-Allow-Origin: null Access-Control-Allow-Credentials: true is effectively equivalent to allowing Access-Control-Allow-Origin: * Access-Control-Allow-Credentials: true given sandboxing. Given that we do not allow the latter, should we start banning the former? -- http://annevankesteren.nl/
Received on Monday, 2 June 2014 08:55:44 UTC