Closed
Bug 649917
Opened 13 years ago
Closed 13 years ago
CORS Access-Control-Allow-Origin header should be parsed for a white space separated list of origins
Categories
(Core :: Networking: HTTP, defect)
Core
Networking: HTTP
Tracking
()
RESOLVED
INVALID
People
(Reporter: heycam, Assigned: heycam)
References
Details
According to the CORS spec, Access-Control-Allow-Origin takes a white space separated list of origins (or "null", or "*"). We currently only support a single origin. http://www.w3.org/TR/cors/#access-control-allow-origin-response-hea http://tools.ietf.org/html/draft-abarth-origin-09#section-6.1
Assignee | ||
Comment 1•13 years ago
|
||
I misread the specification. The origin-list describes the set of origins the response should be accessible to. It's not a list of individual origins to allow. Sorry for the noise.
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → INVALID
You need to log in
before you can comment on or make changes to this bug.
Description
•