On Fri, 29 Jul 2011 14:25:07 +0200, Vladimir Dzhuvinov
<[email protected]> wrote:
Regarding "6. Resource processing model": [item 3] "A list of headers
consisting of zero or more header field names that are supported by
the resource.":
Is this list supposed to be
1) of the non-simple headers only - as per
http://dev.w3.org/2006/waf/access-control/#simple-header or
2) of all supported headers that the author may choose to set,
including those that qualify as simple?
Because right now the Java CORS filter expects to receive only
non-simple headers in "Access-Control-Request-Headers", and if for
some reason the browser has decided to include a simple header, e.g.
"Accept", in the preflight request it won't be allowed to proceed.
My apologies for forgetting to reply to this message. Fortunately it was
still somewhere in my inbox! It seems your Java CORS filter has a bug as
simple headers can be included there (for consistency).
--
Anne van Kesteren
http://annevankesteren.nl/
