CORS Access-Control-Allow-Origin header should be parsed for a white space separated list of origins

RESOLVED INVALID

Status

()

Core
Networking: HTTP
RESOLVED INVALID
7 years ago
7 years ago

People

(Reporter: heycam, Assigned: heycam)

Tracking

Trunk
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Assignee)

Description

7 years ago
According to the CORS spec, Access-Control-Allow-Origin takes a white space separated list of origins (or "null", or "*").  We currently only support a single origin.

http://www.w3.org/TR/cors/#access-control-allow-origin-response-hea
http://tools.ietf.org/html/draft-abarth-origin-09#section-6.1
(Assignee)

Comment 1

7 years ago
I misread the specification.  The origin-list describes the set of origins the response should be accessible to.  It's not a list of individual origins to allow.  Sorry for the noise.
Status: ASSIGNED → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.