RE: CORS Allow header in preflight response from Pellerin, Clement on 2013-04-16 (public-webappsec@w3.org from April 2013)

From: Pellerin, Clement <Clement_Pellerin@ibi.com>
Date: Tue, 16 Apr 2013 15:30:37 -0400
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <9892EC6224DBC54598164D1F77721D7572AED5C46F@IBIUSMBSB.ibi.com>

> On Tue, Apr 16, 2013 at 7:58 PM, Anne van Kesteren wrote:
> > What should the value of the Allow header be in the response to a CORS preflight request?
> > Is the Allow header mandatory, optional, forbidden, ignored?
> 
> Ignored.

Should this be mentioned explicitly in the specification, at least in a non-normative way?

Received on Tuesday, 16 April 2013 19:32:19 UTC