On Wed, 03 Aug 2011 19:43:28 +0200, Philippe De Ryck
<[email protected]> wrote:
CORS-ISOLATION-1.Unique Origins: When run in a document with a globally
unique identifier for an origin, the Origin header specification
requires that null should be sent as the value of the Origin header. The
algorithms listed in the CORS specification do not explicitly take the
null value into account, leading to some unlogical scenarios. It is for
instance valid that a request sends origin null and the server responds
with an Allow-Origin header with the value null.
Is that problematic? This is a feature.
--
Anne van Kesteren
http://annevankesteren.nl/
