Hi everyone, *Summary*: Allow more wildcards in CORS headers when used without credential. So, the new syntax for these http headers is: Access-Control-Expose-Headers = #field-name / wildcard Access-Control-Allow-Methods = #method / wildcard Access-Control-Allow-Headers = #field-name / wildcard
*Bug*: https://bugzilla.mozilla.org/show_bug.cgi?id=1309358 *Link to standard*: https://fetch.spec.whatwg.org/#http-new-header-syntax *Platform coverage*: all platforms. *Estimated or target release*: Firefox 71. *Preference behind which this will be implemented*: No preference. *DevTools bug*: No. *Do other browser engines implement this?* Yes, both Blink and WebKit support this feature. *web-platform-tests*: We already have existing wpt tests for this. *Is this feature restricted to secure contexts?* No. Please note that I already landed this patch in nightly since I was not aware of that I should send this email first. If anyone has any concerns, feel free to file another bug to back this out. Thanks, Kershaw _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
