Join GitHub today
GitHub is home to over 31 million developers working together to host and review code, manage projects, and build software together.Sign up
CORS multi-value response headers don't work in IE #19841
As part of our improved CORS handling (#16092), we serialize the
instead of a comma-separated list in a single header value
Separating each header value out individually should be fine according to the RFC: http://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.2, although the RFC does leave some ambiguity if such a separation does need to be supported.
It turns out Chrome is fine with this but IE is not.