Ajax / XMLHttpRequests are still processed - even from unallowed origins

[nepomuc]

When performing an Ajax / XMLHttp request against a subsribe-list from an unallowed origin regarding the Access-Control-Allow-Origin header, it's still being processed and the double-opt-in email will be sent. That's probably an unwanted behaviour, right?

[michield]

Yes, that would be, but that would be a browser issue, as we're telling the browser what should be allowed. What browser did you use to try this?