* IE10 (and 11) do not send HTTP_ORIGIN when requesting a URL no in the same origin, although recommended by WHATWG [1] * if IE10 is used, use the referer. If this header is supressed by the user, it won't work (and I don't care). IE10 needs to die, seriously: > We have a long-standing interoperability difference with other browsers > where we treat different ports as same-origin whereas other browsers > treat them as cross-origin. via https://connect.microsoft.com/IE/feedback/details/781303/origin-header-is-not-added-to-cors-requests-to-same-domain-but-different-port [1] http://tools.ietf.org/html/draft-abarth-origin-09pull/41/head
parent
4c16ba76cc
commit
9a03cca793
Loading…
Reference in new issue