- From: Glenn Maynard <glenn@zewt.org>
- Date: Tue, 17 May 2011 17:52:07 -0400
On Tue, May 17, 2011 at 5:40 PM, Jonas Sicking <jonas at sicking.cc> wrote: > If the "supports credentials" flag is set to false, the request will > be made without cookies, and the server may respond with either > "Access-Control-Allow-Origin:*" or "Access-Control-Allow-Origin: > <origin>". > > I propose that the latter mode is used as it will make servers easier > to configure as they can just add a static header to all their > responses. > This could be specified, eg. <img cors> without credentials and <img cors="credentials"> with. I don't know if there are use cases to justify it. -- Glenn Maynard
Received on Tuesday, 17 May 2011 14:52:07 UTC