14700 – Point out that Access-Control-Allow-Origin:* is safe for servers not behind a firewall

This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 14700 - Point out that Access-Control-Allow-Origin:* is safe for servers not behind a firewall

Summary: Point out that Access-Control-Allow-Origin:* is safe for servers not behind a...

Status:	RESOLVED FIXED

Alias:	None

Product:	WebAppsSec
Classification:	Unclassified
Component:	CORS (show other bugs)
Version:	unspecified
Hardware:	PC Windows 3.1

Importance:	P2 normal
Target Milestone:	---
Assignee:	Anne
QA Contact:	This bug has no owner yet - up for the taking

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2011-11-05 16:48 UTC by Anne
Modified:	2013-10-25 22:01 UTC (History)
CC List:	3 users (show)

See Also:

Attachments

Description Anne 2011-11-05 16:48:25 UTC

In the eventual "How to use CORS" section point out that you can use Access-Control-Allow-Origin:* safely on servers not behind a firewall.

Comment 1 Brad Hill 2013-10-25 22:01:45 UTC

WG resolved to close this issue without spec changes, security considerations have been rewritten to address this issue since it was opened.

http://www.w3.org/2011/webappsec/minutes/webappsec-minutes-27-Aug-2013.html