I have some mockup html/javascript on my desktop, I made an ajax GET call to:
and got back 200 OK with results. But I noticed that the response's accept-header was:
Access-Control-Allow-Origin: http://www.bungie.net when using a proxy (and it was null when using Firefox).
In either case, why didn't this throw an cross origin resource sharing error? The response header didn't say *, so technically this should fail because my desktop is not on the bungie.net domain. Why did it succeed?
Thanks so much!
Aucun commentaire:
Enregistrer un commentaire