Wesley Miaw
|
65855a143a
|
Expand CORS test script to all other supported request types.
Explicitly check for 403 Forbidden, instead of allowing tests to pass for other HTTP status codes.
|
2020-07-01 17:37:28 -07:00 |
|
Wesley Miaw
|
9c95539a7e
|
Allow wildcard matches for non-https schemes of the form scheme://* and
scheme:*.
|
2020-06-12 18:24:27 -07:00 |
|
Wesley Miaw
|
d789ef37ff
|
Allow subdomain wildcards to be specified for CORS origin headers using https.
Restrict default build to acceptable Netflix and YouTube origin headers; created new debug makefile target for full whitelist testing.
|
2020-06-02 17:19:53 -07:00 |
|
Wesley Miaw
|
e82bda0149
|
Allow ORIGIN header values from other schemes to be accepted; in particular
accept the package: scheme used by some mobile device clients. The HTTPS
scheme is still validated specially, to account for port numbers.
|
2020-05-19 16:25:34 -07:00 |
|
Wesley Miaw
|
df63f0e6af
|
Require CORS Origin header to use https:// and match the entire hostname.
Also require the port number to match if specified in the accepted origins
list.
|
2020-03-27 15:45:23 -07:00 |
|
jcli
|
3454a59e99
|
dial spec 1.7
|
2015-10-20 16:26:28 -07:00 |
|