W3C home > Mailing lists > Public > public-web-perf@w3.org > December 2013

Re: [beacon] Random comments

From: Jonas Sicking <jonas@sicking.cc>
Date: Thu, 19 Dec 2013 11:43:42 -0800
Message-ID: <CA+c2ei_78zQzsMyGg-xQ2zXszQLRqHJSTbu8RYhahAwzFi3zgQ@mail.gmail.com>
To: Simon Pieters <simonp@opera.com>
Cc: "public-web-perf@w3.org" <public-web-perf@w3.org>
On Thu, Dec 19, 2013 at 3:02 AM, Simon Pieters <simonp@opera.com> wrote:
> Why does this API use a CORS request for cross-origin requests? Since
> there's no way to read the response, it seems pointless. Just always do a
> normal fetch.

The reason we need to involve CORS at all is that the web security
model only allows cross-origin POSTs if the content-type request
header is set to "application/x-www-form-urlencoded",
"multipart/form-data", or "text/plain". However sendBeacon allows
posting arbitrary content types.

We should define though that any CORS errors during the response
should be ignored. If we do that, effectively the only effect of using
CORS is that cross-origin beacons that use a content-type other than
the ones above will require a preflight.

If you use one of the content types above, the fact that we're using
CORS is effectively a no-op.

/ Jonas
Received on Thursday, 19 December 2013 19:44:44 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:04:37 UTC