- From: Anne van Kesteren <annevk@opera.com>
- Date: Mon, 29 Sep 2008 14:41:23 -0400
What is the reason for doing literal comparison on the websocket-origin and websocket-location HTTP headers? Access Control for Cross-Site Requests is currently following this design for access-control-allow-origin but sicking is complaining about so maybe it should be URL-without-<path> comparison instead. (E.g., then http://example.org and http://example.org:80 would be equivalent.) -- Anne van Kesteren <http://annevankesteren.nl/> <http://www.opera.com/>
Received on Monday, 29 September 2008 11:41:23 UTC