- From: Anne van Kesteren <annevk@opera.com>
- Date: Mon, 05 Oct 2009 17:07:15 +0200
- To: "Adam Barth" <abarth@cs.stanford.edu>
- Cc: www-archive@w3.org
On Fri, 02 Oct 2009 14:18:14 +0200, Anne van Kesteren <annevk@opera.com> wrote: > So I just read some things again and it seems CORS is already using > comma-separated lists for some header formats. My thinking now is that > we should just do the same for the Origin header. I think that would > make it (per modified (future) ABNF rules from httpbis): > > origin = "Origin" ":" origin-value > origin-value = "null" / #serialized-origin > > Apparently the OWS issue will be solved by future drafts of httpbis. I should probably stop flip-flopping on this issue, but since Access-Control-Allow-Origin is supposed to be compared to the Origin value literally I think it might make more sense for this header to actually be space-separated. The other headers are processed in a different way. Maybe we should discuss this one last time when all implementors are in the room during TPAC. -- Anne van Kesteren http://annevankesteren.nl/
Received on Monday, 5 October 2009 15:07:53 UTC