Closed Bug 649917 Opened 13 years ago Closed 13 years ago

CORS Access-Control-Allow-Origin header should be parsed for a white space separated list of origins

Tracking

()

Status:

RESOLVED INVALID

People

(Reporter: heycam, Assigned: heycam)

References

Details

Cameron McCormack (:heycam)

Assignee

Description

•

13 years ago

According to the CORS spec, Access-Control-Allow-Origin takes a white space separated list of origins (or "null", or "*").  We currently only support a single origin.

http://www.w3.org/TR/cors/#access-control-allow-origin-response-hea
http://tools.ietf.org/html/draft-abarth-origin-09#section-6.1

Cameron McCormack (:heycam)

Assignee

Comment 1

•

13 years ago

I misread the specification.  The origin-list describes the set of origins the response should be accessible to.  It's not a list of individual origins to allow.  Sorry for the noise.

Status: ASSIGNED → RESOLVED

Closed: 13 years ago

Resolution: --- → INVALID

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

CORS Access-Control-Allow-Origin header should be parsed for a white space separated list of origins

Categories

(Core :: Networking: HTTP, defect)

Tracking

()

People

(Reporter: heycam, Assigned: heycam)

References

Details

Crash Data

Security

(public)

User Story

Description

Comment 1