New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.
Starred by 6 users

Issue metadata

Status: Fixed
Closed: Dec 2017
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 3
Type: Feature

Show other hotlists

Hotlists containing this issue:

Sign in to add a comment

Issue 615313: [CORS] Add wildcard support for Access-Control-Allow-Methods, Access-Control-Allow-Headers and Access-Control-Expose-Headers

Reported by, May 27 2016 Project Member

Issue description

The Fetch Standard has been updated to accept the wildcard value for Access-Control-Allow-Methods, Access-Control-Allow-Headers and Access-Control-Expose-Headers.

Comment 1 by, Mar 8 2017

Blockedon: 698721

Comment 2 by, Mar 14 2017

 Issue 698241  has been merged into this issue.

Comment 3 by, May 15 2017

Components: Blink>SecurityFeature>CORS
tyoshino@, yhirano@: Can you triage this? It seems like a relatively small set of changes that might make some developers' lives a little simpler. I know y'all are stretched, but this might be a nice small project for someone who wants to ship something. :)

Comment 4 by, May 22 2017

Components: -Blink>Network -Blink>Loader Blink>Network>XHR Blink>Network>FetchAPI
Yeah, this is just do it bug. might be good to keep for interns.

Comment 5 by, Jun 1 2017

It turned out that we need to resolve a spec issue. See

Comment 6 by, Sep 7 2017

That's now resolved, updated tests at

Comment 7 by, Sep 7 2017

Status: Assigned (was: Available)

Comment 8 by, Sep 14 2017

 Issue 698721  has been merged into this issue.

Comment 9 by, Sep 14 2017

Labels: Hotlist-Interop

Comment 10 by, Sep 14 2017

Blockedon: -698721

Comment 13 by, Sep 26 2017

Labels: M-63
Status: Fixed (was: Assigned)

Comment 14 by, Sep 26 2017

Status: Started (was: Fixed)
No, it's not fixed yet. We need to support Access-Control-Expose-Headers as well.

Comment 15 by, Nov 10 2017

Labels: Hotlist-EnamelAndFriendsFixIt

Comment 16 by, Dec 6 2017

Project Member
The following revision refers to this bug:

commit 59a2bc8acbe0926b70b5f926ae6e2383fc6dd532
Author: Yutaka Hirano <>
Date: Wed Dec 06 14:40:04 2017

[Fetch] Support wildcard for access-control-expose-headers

Bug:  615313 
Change-Id: Ie608f427083303af5afd98e8939dcfc43a266942
Reviewed-by: Kinuko Yasuda <>
Reviewed-by: Takeshi Yoshino <>
Reviewed-by: Tsuyoshi Horo <>
Commit-Queue: Yutaka Hirano <>
Cr-Commit-Position: refs/heads/master@{#522082}

Comment 17 by, Dec 7 2017

Status: Fixed (was: Started)

Comment 18 by, Dec 11 2017

Currently Safari is passing some of the tests just introduced

Sign in to add a comment