User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:19.0) Gecko/20100101 Firefox/19.0 Build ID: 20130227155931 Steps to reproduce: curl -I https://verifier.login.persona.org/verify Actual results: No Access-Control-Allow-Origin header. Expected results: There should be a Access-Control-Allow-Origin header so it can accessed from JS applications.
Actually, we don't implement HEAD (curl -I) for that request, only POST. Could you refile this at https://github.com/mozilla/browserid/issues?
Well, I gave an example with HEAD but the header is not there with POST either.