We need to implement support for the Access-Control-Policy-Path. This is used during the initial OPTIONS request to allow the policy to be specified for whole directories rather than for a single resource. There are two parts to this: First of all we need to perform an OPTIONS request to the specified path. Second, we need to make sure to do caching appropriately. This includes deleting all entries with a more specific path, as well as checking the cache at all possible ancestor paths when doing a lookup in the cache. Surya, do you think you could have a look at this? Let me know if you have any questions.

Anyone have any docs for server side java-script with mochikit? Really need to add some tests.

This feature was removed from the spec due to security concerns (mostly around IIS, but possibly other servers too). Might make a comeback in later versions of the spec if we can figure out how to work around serverside security issues.