* Martin Thomson wrote: >On 20 February 2015 at 00:29, Anne van Kesteren <ann...@annevk.nl> wrote: >> Access-Control-Allow-Origin-Wide-Cache: [origin] > >This has some pretty implications for server deployments that host >mutual distrustful applications. Now, these servers are already >pretty well hosed from other directions, but I don't believe that >there is any pre-existing case where a header field set in a request >to /x could affect future requests to /y. > >An alternative would be to use /.well-known for site wide policies.
The proposal is to use `OPTIONS * HTTP/1.1` not `OPTIONS /x HTTP/1.1`. -- Björn Höhrmann · mailto:bjo...@hoehrmann.de · http://bjoern.hoehrmann.de D-10243 Berlin · PGP Pub. KeyID: 0xA4357E78 · http://www.bjoernsworld.de Available for hire in Berlin (early 2015) · http://www.websitedev.de/