- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Fri, 5 Sep 2014 10:12:42 +0200
- To: Mark Nottingham <mnot@mnot.net>
- Cc: Валерий Котов <kotov.valery@gmail.com>, WebApps WG <public-webapps@w3.org>, WebAppSec WG <public-webappsec@w3.org>
On Fri, Sep 5, 2014 at 10:06 AM, Mark Nottingham <mnot@mnot.net> wrote: > That would be foolish, since browsers don’t have an exclusive license to emit HTTP requests. No, but only browsers are capable of executing untrusted requests within the current network of the user. But if OPTIONS * is not so important, I'll happily leave it out. > FWIW - https://www.mnot.net/blog/2012/10/29/NO_OPTIONS I remember, had you posted that a couple years prior, the CORS protocol would've used CORS. -- http://annevankesteren.nl/
Received on Friday, 5 September 2014 08:13:09 UTC