Chrome CORS checked Access-Control-Allow-Headers and Access-Control-Allow-Methods headers in a relaxed manner and didn't follow the ABNF that spec defined. After Chrome 85, CORS checks follow the standardized ABNF.
Final published standard: Recommendation, Living Standard, Candidate Recommendation, or similar final form
Status in Chromium
Enabled by default
Consensus & Standardization
- No signals
Intent to Prototype urlIntent to Prototype thread
Last updated on 2020-11-14