On 12/3/11 7:55 PM, Benson Margulies wrote:
> 7.2.2 says that if the response is "*" and credentials are off, we fail.

The text I'm looking at right now is:

  If the Access-Control-Allow-Origin header value is the literal "*"
  character and the credentials flag is false return pass and terminate
  this algorithm.

The key part being "return pass", no?

-Boris
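
The step quoted in the message above, as an added example that is not part of the original thread or of any browser's code: a sketch of a resource sharing check showing where the wildcard step sits. Only the wildcard step is taken from the message; the surrounding steps (exactly one header value, case-sensitive origin match, the Access-Control-Allow-Credentials check) are assumptions based on the W3C CORS draft, and all function names, parameter names and sample origins are hypothetical.

```javascript
// Added illustration. headers is an array of [name, value] pairs as received;
// each pair is treated as one header value (constructed sample input below).
function headerValues(headers, name) {
  const wanted = name.toLowerCase();
  return headers
    .filter(([n]) => n.toLowerCase() === wanted)
    .map(([, v]) => v.trim());
}

function resourceSharingCheck(headers, sourceOrigin, credentialsFlag) {
  const allowOrigin = headerValues(headers, "Access-Control-Allow-Origin");

  // Assumed step: zero or more than one header value fails the check.
  if (allowOrigin.length !== 1) return "fail";

  // Step quoted in the message: literal "*" with the credentials flag false
  // returns pass and terminates the algorithm.
  if (allowOrigin[0] === "*" && !credentialsFlag) return "pass";

  // Assumed step: otherwise the value must match the source origin exactly.
  // With the credentials flag true, "*" reaches this comparison and fails.
  if (allowOrigin[0] !== sourceOrigin) return "fail";

  // Assumed step: credentialed requests also need a single
  // Access-Control-Allow-Credentials value of exactly "true".
  if (credentialsFlag) {
    const allowCreds = headerValues(headers, "Access-Control-Allow-Credentials");
    if (allowCreds.length !== 1 || allowCreds[0] !== "true") return "fail";
  }
  return "pass";
}

// Constructed sample responses for a hypothetical origin.
const ORIGIN = "https://app.example";
const WILDCARD = [["Access-Control-Allow-Origin", "*"]];
const EXACT_WITH_CREDS = [
  ["access-control-allow-origin", ORIGIN],
  ["Access-Control-Allow-Credentials", "true"],
];

console.log("wildcard, credentials off:", resourceSharingCheck(WILDCARD, ORIGIN, false));
console.log("wildcard, credentials on: ", resourceSharingCheck(WILDCARD, ORIGIN, true));
console.log("exact origin, credentials:", resourceSharingCheck(EXACT_WITH_CREDS, ORIGIN, true));
```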
