You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This is in WPT cors/remote-origin.htm. The client sends a simple cross-origin request encoding in an URL parameter the Allow-Origin header it wants to see from the server, and the server sends a response back with that header.
Specifically, uppercasing HTTP:, adding / to the end, or adding # to the end should make it be an error but doesn't.
These specific points of too-lenient matching suggest the possibility that it's using an URL string comparison instead of a more literal string comparison.
The text was updated successfully, but these errors were encountered:
This is in WPT cors/remote-origin.htm. The client sends a simple cross-origin request encoding in an URL parameter the Allow-Origin header it wants to see from the server, and the server sends a response back with that header.
Specifically, uppercasing
HTTP:
, adding/
to the end, or adding#
to the end should make it be an error but doesn't.These specific points of too-lenient matching suggest the possibility that it's using an URL string comparison instead of a more literal string comparison.
The text was updated successfully, but these errors were encountered: