- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Wed, 25 Feb 2015 10:49:25 +0100
- To: Jonas Sicking <jonas@sicking.cc>
- Cc: Henri Sivonen <hsivonen@hsivonen.fi>, Brad Hill <hillbrad@gmail.com>, WebAppSec WG <public-webappsec@w3.org>, WebApps WG <public-webapps@w3.org>, Monsur Hossain <monsur@gmail.com>, Dale Harvey <dale@arandomurl.com>
On Tue, Feb 24, 2015 at 7:33 PM, Jonas Sicking <jonas@sicking.cc> wrote: > On Tue, Feb 24, 2015 at 3:25 AM, Anne van Kesteren <annevk@annevk.nl> wrote: >> If we only do it for this, could we combine that feature with the >> existing preflight then? Support a "Access-Control-Allow-Origin-Wide: >> true" header or some such that's mutually exclusive with >> "Access-Control-Allow-Credentials: true". > > I don't have opinions on this. I filed https://www.w3.org/Bugs/Public/show_bug.cgi?id=28099 It would still be great to see data, hear from web developers, and hear from other browsers. I feel like we don't really have enough to go on yet, but at least we have a somewhat concrete plan for the case that does not involve credentials. -- https://annevankesteren.nl/
Received on Wednesday, 25 February 2015 09:49:49 UTC