Re: CORS and 304

> On 8 Apr 2015, at 3:09 pm, Anne van Kesteren <annevk@annevk.nl> wrote:
> 
> On Wed, Apr 8, 2015 at 7:02 AM, Mark Nottingham <mnot@mnot.net> wrote:
>> Yeah — but just as far as ACEH is concerned.
> 
> Might also be interesting to check that if you include a new ACAO
> header it then does fail. Or the even sillier edge case of doing a
> credentialed fetch and having the 304 add ACAC (requires the original
> response to use an origin, not *).

<http://www.w3.org/TR/cors/#access-control-allow-origin-response-header>:

"""
The Access-Control-Allow-Origin header indicates whether a resource can be shared based by returning the value of the Origin request header, "*", or "null" in the response.
"""

What does that *mean*?



--
Mark Nottingham   https://www.mnot.net/

Received on Wednesday, 8 April 2015 05:31:28 UTC