W3C home > Mailing lists > Public > public-webappsec@w3.org > April 2015

Re: CORS and 304

From: Anne van Kesteren <annevk@annevk.nl>
Date: Wed, 8 Apr 2015 07:09:27 +0200
Message-ID: <CADnb78hmiaxAnnBZ=JOhZ+phoVqCoRzHdDhRixJ8uEmS6bRphQ@mail.gmail.com>
To: Mark Nottingham <mnot@mnot.net>
Cc: Odin Hørthe Omdal <odinho@opera.com>, WebAppSec WG <public-webappsec@w3.org>
On Wed, Apr 8, 2015 at 7:02 AM, Mark Nottingham <mnot@mnot.net> wrote:
> Yeah — but just as far as ACEH is concerned.

Might also be interesting to check that if you include a new ACAO
header it then does fail. Or the even sillier edge case of doing a
credentialed fetch and having the 304 add ACAC (requires the original
response to use an origin, not *).

Received on Wednesday, 8 April 2015 05:09:51 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:48 UTC