Closed Akcbryant closed 7 years ago
Yes, I'd like the behavior to be that no Access-Control headers are returned in this situation even though that isn't explicitly required. We should have tests that show that is the case for both preflight and actual requests.
Should we test that the other headers are not set as well? The spec seemed to just say "don't use null" not necessarily what to use instead?