W3C home > Mailing lists > Public > public-webapps@w3.org > October to December 2011

Re: [CORS] Access-Control-Request-Method

From: Jarred Nicholls <jarred@webkit.org>
Date: Wed, 21 Dec 2011 23:50:38 -0500
Message-ID: <CANufG2P48wTtfGobNE+iBkqbrYZLor2sAxBYmqfPFEG4kX6BCw@mail.gmail.com>
To: Boris Zbarsky <bzbarsky@mit.edu>
Cc: public-webapps@w3.org
On Wed, Dec 21, 2011 at 11:37 PM, Boris Zbarsky <bzbarsky@mit.edu> wrote:

> On 12/21/11 11:28 PM, Jarred Nicholls wrote:
>
>> I'll try this again...
>>
>> The spec makes it very succinct in its preflight request steps that
>> Access-Control-Request-Method should be sent, always.  However in WebKit
>> and Firefox I'm observing this header only being sent when there are
>> "author request headers" being sent in Access-Control-Request-**Headers.
>>  Is the spec not clear in these steps, or are we all just doing it
>> wrong? :)
>>
>
> I'd like to understand your testcase.
>
> Looking at the Firefox code for this, Access-Control-Request-Method is
> always sent when a preflight is done.
>
> What might be confusing the issue is that preflights are not always done,
> maybe?  A preflight, per http://dvcs.w3.org/hg/cors/**
> raw-file/tip/Overview.html#**cross-origin-request<http://dvcs.w3.org/hg/cors/raw-file/tip/Overview.html#cross-origin-request>is done in the following cases:
>
> 1)  The "force preflight" flag is set.
> 2)  The request method is not a simple method.
>

Ack I was using POST but I meant to use PUT.  You're all over it, thanks.
 I'll go to bed now :-p


> 3)  There is an author request header that's not a simple header.
>
> (though it looks to me like item 1 is broken by the actual algorithm for
> doing a "cross-origin request with preflight"; Anne?)
>
> In any case, if you're using XHR then #1 is likely not relevant, and if
> you use a GET method then you have a simple method.  So the only thing that
> would trigger preflights are author request headers that are not simple
> headers.


>
> -Boris
>
>
Received on Thursday, 22 December 2011 04:51:27 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:49 GMT