- From: Simon Pieters <simonp@opera.com>
- Date: Fri, 09 Nov 2012 15:11:16 +0100
- To: michael.hausenblas@gmail.com
- Cc: "www-archive@w3.org" <www-archive@w3.org>
Hi http://enable-cors.org/ says [[ Access-Control-Allow-Origin: * Access-Control-Allow-Origin: http://example.com:8080 http://foo.example.com The asterisk permits scripts hosted on any site to load your resources; the space-delimited lists limits access to scripts hosted on the listed servers. ]] http://fetch.spec.whatwg.org/#resource-sharing-check says [[ If the value of Access-Control-Allow-Origin is not a case-sensitive match for the value of the Origin header as defined by its specification, return fail and terminate this algorithm. ]] i.e. space separated values will fail. Please update enable-cors.org to say only one origin can be specified. Also, an origin has to be specified (rather than using "*") if one wants to use cookies, which does not appear to be discussed. cheers -- Simon Pieters Opera Software
Received on Friday, 9 November 2012 14:11:44 UTC