W3C home > Mailing lists > Public > public-webappsec@w3.org > February 2015

Re: CORS performance

From: Anne van Kesteren <annevk@annevk.nl>
Date: Wed, 25 Feb 2015 10:49:25 +0100
Message-ID: <CADnb78gf_RaxGg4dXRHQ81e-nRJmakrnfKwbtZME6_DAfONBbQ@mail.gmail.com>
To: Jonas Sicking <jonas@sicking.cc>
Cc: Henri Sivonen <hsivonen@hsivonen.fi>, Brad Hill <hillbrad@gmail.com>, WebAppSec WG <public-webappsec@w3.org>, WebApps WG <public-webapps@w3.org>, Monsur Hossain <monsur@gmail.com>, Dale Harvey <dale@arandomurl.com>
On Tue, Feb 24, 2015 at 7:33 PM, Jonas Sicking <jonas@sicking.cc> wrote:
> On Tue, Feb 24, 2015 at 3:25 AM, Anne van Kesteren <annevk@annevk.nl> wrote:
>> If we only do it for this, could we combine that feature with the
>> existing preflight then? Support a "Access-Control-Allow-Origin-Wide:
>> true" header or some such that's mutually exclusive with
>> "Access-Control-Allow-Credentials: true".
> I don't have opinions on this.

I filed https://www.w3.org/Bugs/Public/show_bug.cgi?id=28099

It would still be great to see data, hear from web developers, and
hear from other browsers. I feel like we don't really have enough to
go on yet, but at least we have a somewhat concrete plan for the case
that does not involve credentials.

Received on Wednesday, 25 February 2015 09:49:49 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:46 UTC