On Tue, 22 Jan 2008, Anne van Kesteren wrote: > > > > Access-Control: allow <example.com> method GET > > Access-Control: POST > > Access-Control: PUT, DELETE, deny <example.org> method POST > > Access-Control: GET > > > > Will clients be able to parse this correctly? Please don't repeat the > > mistakes of the Set-Cookie header; this is very bad practice. It would > > be better to leverage existing syntax from other headers; e.g., > > > > Access-Control: allow="example.com"; method="GET POST PUT DELETE", > > deny="example.org"; method="POST GET" > > Good point. Is the rest of the WG ok with changing this? Jonas?
Oops, I missed that when I read the spec. I recommend just changing the #Method from being comma-separated to being space-separated, as in: Access-Control: allow <example.com> method GET PUT -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
