On Tue, Dec 15, 2009 at 4:10 AM, Anne van Kesteren <ann...@opera.com> wrote: > On Mon, 14 Dec 2009 11:03:27 +0100, Jonas Sicking <jo...@sicking.cc> wrote: >> >> My recollection from the meeting in seattle was that we did not want >> to allow this. >> >> In any case, it does seem like a very strange feature to me. Sending >> >> Access-Control-Allow-Origin: null >> >> would then mean essentially, "allow access to everyone who I don't >> know who it is". I can't think of a situation where this makes sense. > > The use case we discussed was allowing e.g. personalized search results even > from things that do not have an origin. (You cannot do that with * because > we explicit disallowed credentials there.)
Hmm.. ok, i guess i buy that. / Jonas