W3C home > Mailing lists > Public > public-webappsec@w3.org > August 2018

Re: CORS restrictions on preflight (too) strict?

From: Daniel Veditz <dveditz@mozilla.com>
Date: Fri, 3 Aug 2018 17:14:30 -0700
Message-ID: <CADYDTCAiym9LYaEHZg5Zwzk-5Xof0=Q=zP4vg=jhJof=cyGk7Q@mail.gmail.com>
To: "Ruben Verborgh (UGent-imec)" <Ruben.Verborgh@ugent.be>
Cc: "Miel Vander Sande (UGent-imec)" <Miel.VanderSande@ugent.be>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Herbert Van de Sompel <hvdsomp@gmail.com>

On Fri, Aug 3, 2018 at 4:21 PM, Ruben Verborgh (UGent-imec)
<Ruben.Verborgh@ugent.be> wrote:
>> I think Ruben went wrong trying to argue all Accept-* headers are safe.
>
> I still haven't been proven wrong, but I get your point.

Yeah I'm not judging the merits, just noting it made the issue bigger
and added friction.

-Dan Veditz

Received on Saturday, 4 August 2018 00:15:13 UTC

This message: [ Message body ]
Next message: Miel Vander Sande (UGent-imec): "Re: CORS restrictions on preflight (too) strict?"
Previous message: Ruben Verborgh (UGent-imec): "Re: CORS restrictions on preflight (too) strict?"
In reply to: Ruben Verborgh (UGent-imec): "Re: CORS restrictions on preflight (too) strict?"
Next in thread: Miel Vander Sande (UGent-imec): "Re: CORS restrictions on preflight (too) strict?"
Reply: Miel Vander Sande (UGent-imec): "Re: CORS restrictions on preflight (too) strict?"

Mail actions: [ respond to this message ] [ mail a new topic ]
Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]
Help: [ How to use the archives ] [ Search in the archives ]

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:55:04 UTC