DIAL Specification 1.7.2 Released
Post date: Apr 06, 2015 11:27:26 PM
The new CORS access policy will:
Check the CORS Origin header against an application specific authorization list (patches DIAL to check for authorized domains),
Restrict checking to the following URI schemes: “http”, “https” and “file” (required for backwards compatibility with existing clients),
Allow requests that don’t include an Origin header as CORS mandates (required for backwards compatibility with non-browser based, 3rd-party DIAL clients).
The benefits of this solution are:
Full backwards compatibility with both mobile clients and the Chrome extension,
Full compatibility with 3rd party DIAL clients,
No specification changes affecting DIAL clients.