On Tue, Feb 24, 2015 at 3:25 AM, Anne van Kesteren <ann...@annevk.nl> wrote:
>> If that's the case then I think we'd get most of the functionality,
>> with essentially none of the risk, by only allowing server-wide
>> cookie-less preflights.
> If we only do it for this, could we combine that feature with the
> existing preflight then? Support a "Access-Control-Allow-Origin-Wide:
> true" header or some such that's mutually exclusive with
> "Access-Control-Allow-Credentials: true".

I don't have opinions on this.

/ Jonas

Reply via email to