On 20 February 2015 at 00:29, Anne van Kesteren <ann...@annevk.nl> wrote: > Access-Control-Allow-Origin-Wide-Cache: [origin]
This has some pretty implications for server deployments that host mutual distrustful applications. Now, these servers are already pretty well hosed from other directions, but I don't believe that there is any pre-existing case where a header field set in a request to /x could affect future requests to /y. An alternative would be to use /.well-known for site wide policies.