On 8/26/2013 5:52 PM, Daniel Veditz wrote: > CORS: * is always safe for a public site, or at least as safe as your > application is for users of pre-CORS browsers. (maybe not so great for > intranet sites.)
Meant to include a link to the authoritative blog on the subject: http://annevankesteren.nl/2012/12/cors-101 -Dan Veditz
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security
