On Tue, May 17, 2011 at 5:40 PM, Jonas Sicking <jo...@sicking.cc> wrote:
> If the "supports credentials" flag is set to false, the request will > be made without cookies, and the server may respond with either > "Access-Control-Allow-Origin:*" or "Access-Control-Allow-Origin: > <origin>". > > I propose that the latter mode is used as it will make servers easier > to configure as they can just add a static header to all their > responses. > This could be specified, eg. <img cors> without credentials and <img cors="credentials"> with. I don't know if there are use cases to justify it. -- Glenn Maynard