CORS implementation
Published Nov 03, 2015
Version 1.0Was this article helpful?
@Kevin_Dyer note that the reference you cite for latest CORS specification is actually significantly out-of-date.
The responsibility for CORS was taken over by WHATWG, as part of the fetch spec (https://fetch.spec.whatwg.org/). The examples aren't great, but fetch now does allow (in theory) some enhancements, such as allowing an asterisk as the value for the
Access-Control-Allow-Headers
, Access-Control-Allow-Methods
and Access-Control-Expose-Headers
CORS response headers. I don't know whether all browsers have implemented support for these special values yet, however.