Re: CORS performance proposal

On Tue, Jun 9, 2015 at 6:42 AM, Martin Thomson <> wrote:
> The security properties bother me a little.  Alt-Svc is showing us
> that we can't just define a header field like that without some
> serious analysis.

Same goes for a site-wide file. See crossdomain.xml. However, either
coupled with "credentials mode = omit" seems okayish... Mark, do these
CDN requests mention credentials?


Received on Tuesday, 9 June 2015 04:54:32 UTC