On Fri, 08 Aug 2008 11:38:55 +0200, Jonas Sicking <[EMAIL PROTECTED]> wrote:
> String comparison is not going to be ok either way. The following two origins are equivalent:
>
> http://www.foo.com
> http://www.foo.com:80

My proposal was to treat those as non-equivalent. Basically, to require Access-Control-Allow-Origin to have the same value as Origin.
(It seems that Ian has used this approach for WebSocket as well.)

--
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>
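
The two comparison rules discussed in this message, side by side, as an added example that is not part of the original thread or of any specification text. The function names are hypothetical, and the server-side helper assumes the server can see the request's Origin header and echo it back unchanged.

```javascript
// Added illustration; all function names here are hypothetical.

// Proposed rule: Access-Control-Allow-Origin must be byte-for-byte
// identical to the Origin header the client sent.
function strictMatch(originHeader, allowOriginHeader) {
  return originHeader === allowOriginHeader;
}

// Alternative rule: compare (scheme, host, port) tuples. The WHATWG URL
// parser lowercases scheme and host and drops the scheme's default port.
function tupleMatch(originHeader, allowOriginHeader) {
  let a, b;
  try {
    a = new URL(originHeader);
    b = new URL(allowOriginHeader);
  } catch (e) {
    return false; // unparsable values (including "*") never match
  }
  // Non-hierarchical schemes serialize to the opaque origin "null".
  return a.origin !== "null" && a.origin === b.origin;
}

// Server side under the strict rule: decide by tuple against the
// configured allow-list, but emit the received Origin verbatim so the
// client's string comparison succeeds whatever spelling was configured.
function allowOriginFor(requestOrigin, allowList) {
  return allowList.some((entry) => tupleMatch(requestOrigin, entry))
    ? requestOrigin
    : null; // null here means: send no Access-Control-Allow-Origin
}

// Constructed sample values: the two origins quoted in the message.
const sent = "http://www.foo.com";
const configured = "http://www.foo.com:80";

function demo() {
  return {
    strict: strictMatch(sent, configured),        // spellings differ
    tuple: tupleMatch(sent, configured),          // same origin tuple
    echoed: allowOriginFor(sent, [configured]),   // value safe to send
    otherHost: allowOriginFor("http://www.bar.com", [configured]),
  };
}

console.log(demo());
```

Under the strict rule a server that writes its configured spelling (`http://www.foo.com:80`) into the response header fails closed for a client that sent `http://www.foo.com`; echoing the received value avoids that without widening what is allowed.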