Re: Improving CORS security

On Wed, May 10, 2017 at 12:57 PM, Mike West <> wrote:
> I agree, but it's not clear to me that that would be fatal, since browsers
> that support CSP already have code to deal with this kind of wildcard
> syntax.

Dare I ask whether that is fully interoperable? Last I checked this
was defined with some ABNF which didn't inspire confidence. Also,
would this result in http://example/ matching HTTP://EXAMPLE/ whereas
it does not now?


Received on Wednesday, 10 May 2017 11:01:34 UTC