Tue Sep 1 2015 14:32:25 UTC
The key is: never test.
Hide Search Description
15 bugs found.
ID Product Comp Assignee Status Resolution Summary Changed
28861 WebAppsS CORS annevk NEW --- Section 6.2 Preflight Request, step 10, second note: "Access-Control-Allow-Headers" instead of "Access-Control-Request-Headers" 2015-07-01
14663 WebAppsS CORS annevk RESO WONT Advice on CORS and caches 2013-10-25
14664 WebAppsS CORS annevk RESO INVA Defining CORS headers 2013-10-25
14665 WebAppsS CORS annevk RESO FIXE Content-Type is not a simple header 2011-11-23
14666 WebAppsS CORS annevk RESO FIXE Be clearer about cookies and CORS 2011-11-25
14700 WebAppsS CORS annevk RESO FIXE Point out that Access-Control-Allow-Origin:* is safe for servers not behind a firewall 2013-10-25
15312 WebAppsS CORS annevk RESO WONT lowercasing requirement for Access-Control-Request-Headers harmful 2012-05-03
16434 WebAppsS CORS annevk RESO FIXE Clarify that "global unique identifier" is an alias for "null" (for all CORS-purposes) 2012-03-22
16436 WebAppsS CORS annevk RESO FIXE Resource processing: shouldn't need to split Origin string on SPACE anymore 2012-03-22
17042 WebAppsS CORS annevk RESO INVA Last-Event-ID is not a simple header 2013-10-28
17205 WebAppsS CORS annevk RESO INVA graph.Facebook.com/ladybug2007 2012-05-29
19315 WebAppsS CORS annevk RESO DUPL Last-Event-ID header should be a simple header 2013-10-28
19920 WebAppsS CORS annevk RESO INVA Don't allow space-separated origins in the syntax 2013-10-25
21012 WebAppsS CORS annevk RESO WONT Add more text on Vary 2013-10-28
21608 WebAppsS CORS annevk RESO WONT 7.2 "Resource Sharing Check" does not specify how to handle a space separated list in Access-Control-Allow-Origin 2013-10-25
15 bugs found.

as

File a new bug in the "CORS" component of the "WebAppsSec" product