From fce0e368c1baaca52ce65e7f526cf0e8e216cca6 Mon Sep 17 00:00:00 2001
From: Andy Dawson
Date: Fri, 29 May 2015 15:32:23 +0200
Subject: [PATCH] Don't use invalid examples

A wildcard subdomain isn't valid syntax for a ACAO header
---
 h5bp/directive-only/cross-domain-insecure.conf | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/h5bp/directive-only/cross-domain-insecure.conf b/h5bp/directive-only/cross-domain-insecure.conf
index 301886d..e9373ad 100644
--- a/h5bp/directive-only/cross-domain-insecure.conf
+++ b/h5bp/directive-only/cross-domain-insecure.conf
@@ -1,5 +1,7 @@
 # Cross domain AJAX requests
 
+# http://www.w3.org/TR/cors/#access-control-allow-origin-response-header
+
 # **Security Warning**
 # Do not use this without understanding the consequences.
 # This will permit access from any other website.
@@ -10,6 +12,3 @@ add_header "Access-Control-Allow-Origin" "*";
 #
 # Allow access based on [sub]domain:
 # add_header "Access-Control-Allow-Origin" "subdomain.example.com";
-# OR
-# add_header "Access-Control-Allow-Origin" "*.example.com";
-
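Review bot: The example kept as context in the second hunk, `# add_header "Access-Control-Allow-Origin" "subdomain.example.com";`, is still not a valid value for this header. The CORS specification linked in the first hunk defines the value as a serialized origin (scheme, host and optional port), `*` or `null`, so a bare hostname will never match the Origin a browser sends. The example should carry the scheme, `# add_header "Access-Control-Allow-Origin" "https://subdomain.example.com";`. Since the header accepts only one origin, a short comment would also help: serving several trusted origins means checking the request's Origin against an allow-list and sending `Vary: Origin`, so readers are not pushed back to `*`.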