@keithjgrant @WHATWG are you saying that web fonts disallow the addition of CORS headers?
-
@keithjgrant @WHATWG the font foundries have gamed the system and fucked the simple CORS advice. Time to fix.
-
@wycats of CORS it’s safe!
-
@wycats but not always sufficient. if you plan to use cookies, you have to reply "ACAO: <request.headers.Origin>" in addition to allow-creds
@FremyCompany @wycats Which is not always a great idea, e.g. if the resource generates CSRF or similar tokens.
-
@wycats Thanks for the link! The num of times I have to keep repeating this explanation to devs is very high .. nice to have a link
-
@wycats IPSEC?
-
@charlesengelke @wycats a request that includes credentials would not pass the CORS check for this type of response header.