On Fri, 02 Oct 2009 14:18:14 +0200, Anne van Kesteren <[email protected]>
wrote:
So I just read some things again and it seems CORS is already using
comma-separated lists for some header formats. My thinking now is that
we should just do the same for the Origin header. I think that would
make it (per modified (future) ABNF rules from httpbis):
origin = "Origin" ":" origin-value
origin-value = "null" / #serialized-origin
Apparently the OWS issue will be solved by future drafts of httpbis.
I should probably stop flip-flopping on this issue, but since
Access-Control-Allow-Origin is supposed to be compared to the Origin value
literally I think it might make more sense for this header to actually be
space-separated. The other headers are processed in a different way.
Maybe we should discuss this one last time when all implementors are in
the room during TPAC.
--
Anne van Kesteren
http://annevankesteren.nl/
