Use structured fields for CORS headers #1216
Labels
Comments
|
(Slightly related: #814.) |
|
To be clear, unless they are fully compatible I don't think it's worth making changes here. It does seem fine to upgrade some (that are compatible) and not others (that are not). |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Private Network Access is considering using structured fields for the new
Access-Control-Allow-Private-Networkheader in WICG/private-network-access#45. This header should be kept consistent with the existingAccess-Control-Allow-Credentialsheader defined by the CORS protocol, since they both accept a single value:"true".It would be nice to modernize the existing ABNF-defined CORS header syntax to use structured fields instead.
To avoid backwards-incompatibility, the
Allow-Credentialsheader in particular should probably be defined as a token instead of a boolean, which is unfortunate but surmountable.It is less clear what to do with the
Access-Control-{Request,Allow}-{Method,Headers}headers. Their syntax might be subtly different from that expected by structured fields' "list of tokens" type?The text was updated successfully, but these errors were encountered: