[Webkit-unassigned] [Bug 88461] Access control allow lists starting with a comma are parsed incorrectly (CORS)
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Jun 7 15:28:32 PDT 2012
https://bugs.webkit.org/show_bug.cgi?id=88461
--- Comment #5 from Pablo Flouret <pablof at motorola.com> 2012-06-07 15:28:29 PST ---
(In reply to comment #4)
> (From update of attachment 146126 [details])
> Which spec says you're allowed to have commas in this header? CORS refers to http://tools.ietf.org/html/rfc6454#section-7.1 which indicates that the origins are separated by spaces, not by commas.
http://dvcs.w3.org/hg/cors/raw-file/tip/Overview.html#access-control-allow-headers-response-header
Access-Control-Allow-Headers: "Access-Control-Allow-Headers" ":" #field-name
field-name points to rfc-2616.
http://tools.ietf.org/html/rfc2616#page-15
#rule
A construct "#" is defined, similar to "*", for defining lists of
elements. The full form is "<n>#<m>element" indicating at least
<n> and at most <m> elements, each separated by one or more commas
(",") and OPTIONAL linear white space (LWS). This makes the usual
form of lists very easy; a rule such as
( *LWS element *( *LWS "," *LWS element ))
can be shown as
1#element
Wherever this construct is used, null elements are allowed, but do
not contribute to the count of elements present. That is,
"(element), , (element) " is permitted, but counts as only two
elements. Therefore, where at least one element is required, at
least one non-null element MUST be present. Default values are 0
and infinity so that "#element" allows any number, including zero;
"1#element" requires at least one; and "1#2element" allows one or
two.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list