Hi, Our server has a REST-ful API, where creating a user is done by POST-ing to /users. The response contains a Location header pointing to the newly-created resource, such as "Location: /users/15".
Since reading the Location header is not possible for cross-origin requests, we must change the API to return this information somewhere in the body. I'm not sure if this is against the Requirement #15: > Cross-origin requests should not require API changes other than allowing > cross-origin requests. This means that the following examples should work for > resources residing on http://test.example (modulo changes to the respective > specifications to allow cross-origin requests): [...] Anyway, a way of specifying which headers the client is allowed to read, or some other solution, would be nice. Regards, Jaka