W3C home > Mailing lists > Public > public-webapps@w3.org > October to December 2011

Re: [cors] when a preflight goes bad

From: Anne van Kesteren <annevk@opera.com>
Date: Mon, 05 Dec 2011 17:05:54 +0100
To: "Benson Margulies" <bimargulies@gmail.com>
Cc: public-webapps@w3.org, "Sergey Beryozkin" <sberyozkin@gmail.com>
Message-ID: <op.v50xn4ur64w2qv@annevk-macbookpro.local>
On Mon, 05 Dec 2011 16:57:17 +0100, Benson Margulies  
<bimargulies@gmail.com> wrote:
> That's on the client side, isn't it?. I'm worried about the resource
> side. On the resource side, what HTTP status code should be coming
> back from server to client for a preflight when the server has no
> other OPTIONS to return. 200? or 40x?

Oh sorry, that does not matter. Whatever else you do in response to the  
OPTIONS request besides setting CORS-related headers on a 200 response is  
not observable. You could have a 200 response with CORS-related headers  
that make it fail, you could have a 201 response with CORS-related headers  
that make it pass, but will fail for it not being 200; you could have a  
200 with no CORS headers. Whatever suits you.

Anne van Kesteren
Received on Monday, 5 December 2011 16:06:27 UTC

This archive was generated by hypermail 2.3.1 : Friday, 27 October 2017 07:26:37 UTC