On Mon, 11 Jul 2011 01:09:44 +0200, Ashar Javed <[email protected]>
wrote:
1) Access-Control-Allow-Origin: *.
In the above case I am getting in response *. (dot after *). Is it fine
or typo?
Typo, will not work.
2) For another website I am getting in response
Access-Control: allow <*>
Old syntax, will not work.
3) For Another website
Access-Control-Allow-Oritin: *
Oritin instead of Origin..
Typo, will not work.
4) Finally in another case
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST
Access-Control-Request-Headers: X-Requested-With, *
If site operator is using * as a value in Access-Control-Request-Headers:
then the use of "X-Requested-With" makes sense or only * will be fine?
The former, the * will not match any header field name. However, that
header only makes sense in the preflight request.
--
Anne van Kesteren
http://annevankesteren.nl/
