Timeline for Why is the Access-Control-Allow-Origin header necessary?
Current License: CC BY-SA 3.0
5 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Aug 14, 2018 at 12:46 | comment | added | David Barratt | This is the correct answer. If I have a native app, I can make whatever cross-site cookie-less requests I want, but in the browser, that is not allowed. :( | |
| Mar 17, 2017 at 10:46 | history | edited | CommunityBot |
replaced http://security.stackexchange.com/ with https://security.stackexchange.com/
|
|
| Feb 16, 2017 at 23:10 | comment | added | Gerard ONeill | 2c -- most people (especially in the beginning) write sites assuming a user at a browser is using the service. They haven't considered the case that third party malicious site evil.com is probing his API. Returning a * sorta means you've considered this. Although not if you just set your server to respond with a *, and your particular site may not have considered this.. I still think the spec is cumbersome and seems too server centric. | |
| Nov 18, 2013 at 22:09 | review | First posts | |||
| Nov 18, 2013 at 22:46 | |||||
| Nov 18, 2013 at 21:50 | history | answered | Oleg | CC BY-SA 3.0 |