On Sun, 25 Jul 2010 14:25:58 +0200, Christoph Päper
<christoph.pae...@crissov.de> wrote:
Maybe I’m missing something, but shouldn’t it be easy to use certain
groups of origins in ‘Access-Control-Allow-Origin’, e.g. make either the
scheme, the host or the port part irrelevant or only match certain
subparts of the host part?
We had something like that long ago, but decided the complexity was not
worth it. At least not for now. So yes, the Commons server would have to
implement the appropriate logic. It does not actually have to parse the
header though, as the draft says it could simply contain a list of origins
it allows requests from and compare the incoming origin against said list.
That would probably be safer than to try parsing things manually.
--
Anne van Kesteren
http://annevankesteren.nl/