Hello, Are there any plans to expand this code so that covers both 5.1 and 5.2 of the CORS specification (http://www.w3.org/TR/cors?) In particular,
- Not blocking the request of it's an OPTIONS request but doesn't contain the Origin header - What if the request doesn't contain OPTIONS but does contain the Origin header (section 5.1 of the spec) - Adding support for Access-Control-Allow-Credentials (section 5.2 of the spec, step 7) - Adding support for Access-Control-Max-Age (section 5.2 of the spec, step 8) Cheers, kl
