Ian Hickson wrote:
I recommend the name Access-Control-Origin.
This sounds like an excellent idea. Also removes the misspelled
"Referer" name :)
At this point it would make sense to rename the Method-Check-* headers
too. I recommend changing the "Method-Check-" part to "Access-Control-",
so that the headers are:
On requests from a client:
Access-Control-Origin
On responses to OPTIONS when the policy is elsewhere:
Access-Control-Policy-Path
On all other responses:
Access-Control
Access-Control-Max-Age
Access-Control-Policy-Path
This seems somewhat simplified. The last two would only exist for
OPTIONS replies, right? And they are both optional so neither might
exist even there.
/ Jonas
