-
Notifications
You must be signed in to change notification settings - Fork 10
Compliance Code: ‐20500 ‐ Access‐Control‐Allow‐Origin
Andrew Newton edited this page Jul 9, 2024
·
1 revision
The "access-control-allow-origin" HTTP header is part of the Cross-Origin Resource Sharing (CORS) mechanism to help applications that run inside of web browsers to access web APIs, such as RDAP.
Section 1.14 of the 2024 ICANN RDAP Technical Implementation Guide (TIG) states:
1.14. When responding to RDAP valid requests, an RDAP server MUST include the Access-Control-Allow-Origin response header, as specified by [W3C.REC-cors-20140116]. Unless otherwise specified, a value of "*" MUST be used.
NOTE: This is in section 1.13 of the 2019 TIG
This means that an RDAP server must set the "access-control-allow-origin" HTTP header to the value "*":
access-control-allow-origin: *
NOTE: HTTP headers are not required to be capitalized.