Hi Franky, I tend to agree with you. But I did read most of the stuff I linked to you, and there is an explanation about the sub-domains. In a larger organization white-listing all sub-domains will be harmful. And if that is in the spec, it would be an too easy mistake. I don't like it, but I do agree with W3C here. This means that everything that's not on your primary domain (the page that boots the app) needs to go trough CORS. I think the CORS caching mechanism should be less rigid in what it accepts. Filing an issue on that by W3C will help. Although you need to be very persistent to get it in there, and it will take years before it will be implemented somewhere!
Regards Sander -- You received this message because you are subscribed to the Google Groups "AngularJS" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/angular. For more options, visit https://groups.google.com/d/optout.
