}
if r.Header.Get("Origin") != "" {
- // Allow simple cross-origin requests, without
- // credentials.
+ // Allow simple cross-origin requests without user
+ // credentials ("user credentials" as defined by CORS,
+ // i.e., cookies, HTTP authentication, and client-side
+ // SSL certificates. See
+ // http://www.w3.org/TR/cors/#user-credentials).
w.Header().Set("Access-Control-Allow-Origin", "*")
}