W3C home > Mailing lists > Public > public-webappsec@w3.org > August 2018

Re: CORS restrictions on preflight (too) strict?

From: Daniel Veditz <dveditz@mozilla.com>
Date: Fri, 3 Aug 2018 17:14:30 -0700
Message-ID: <CADYDTCAiym9LYaEHZg5Zwzk-5Xof0=Q=zP4vg=jhJof=cyGk7Q@mail.gmail.com>
To: "Ruben Verborgh (UGent-imec)" <Ruben.Verborgh@ugent.be>
Cc: "Miel Vander Sande (UGent-imec)" <Miel.VanderSande@ugent.be>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Herbert Van de Sompel <hvdsomp@gmail.com>
On Fri, Aug 3, 2018 at 4:21 PM, Ruben Verborgh (UGent-imec)
<Ruben.Verborgh@ugent.be> wrote:
>> I think Ruben went wrong trying to argue all Accept-* headers are safe.
>
> I still haven't been proven wrong, but I get your point.

Yeah I'm not judging the merits, just noting it made the issue bigger
and added friction.

-Dan Veditz
Received on Saturday, 4 August 2018 00:15:13 UTC

This archive was generated by hypermail 2.3.1 : Saturday, 4 August 2018 00:15:14 UTC