cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Benson Margulies <bimargul...@gmail.com>
Subject Re: CORS
Date Wed, 30 Nov 2011 14:38:39 GMT
The code doesn't quite work as you expect.

If there is no origin header at all, the input filter gets an empty
array, not a null, so it does the wrong thing.


On Sat, Nov 12, 2011 at 2:35 AM, K Fung <kfung4cxf@gmail.com> wrote:
> Hello,
>
> Are there any plans to expand this code so that covers both 5.1 and 5.2 of
> the CORS specification (http://www.w3.org/TR/cors?) In particular,
>
> - Not blocking the request of it's an OPTIONS request but doesn't contain
> the Origin header
> - What if the request doesn't contain OPTIONS but does contain the Origin
> header (section 5.1 of the spec)
> - Adding support for Access-Control-Allow-Credentials (section 5.2 of the
> spec, step 7)
> - Adding support for Access-Control-Max-Age (section 5.2 of the spec, step
> 8)
>
> Cheers,
> kl

Mime
View raw message