On Fri, 01 Jul 2011 09:48:43 +0200, Ashar Javed <[email protected]> wrote:
> If a server is returning (Access-Control-Allow-Origin: *) without setting the Origin header in the HTTP request, then can we say that the server is not implementing CORS properly?
>
> With the help of http://web-sniffer.net/, I randomly checked sites (home pages only) for CORS and nearly 200 sites are returning (Access-Control-Allow-Origin: *).

Doing that seems fine. The specification cannot really forbid that.


--
Anne van Kesteren
http://annevankesteren.nl/
