On Mon, 14 Dec 2009 11:03:27 +0100, Jonas Sicking <jo...@sicking.cc> wrote:
My recollection from the meeting in seattle was that we did not want
to allow this.
In any case, it does seem like a very strange feature to me. Sending
Access-Control-Allow-Origin: null
would then mean essentially, "allow access to everyone who I don't
know who it is". I can't think of a situation where this makes sense.
The use case we discussed was allowing e.g. personalized search results
even from things that do not have an origin. (You cannot do that with *
because we explicit disallowed credentials there.)
--
Anne van Kesteren
http://annevankesteren.nl/