Re: [CORS] Access-Control-Request-Method

On Thu, 22 Dec 2011 05:37:35 +0100, Boris Zbarsky <bzbarsky@mit.edu> wrote:
> What might be confusing the issue is that preflights are not always  
> done, maybe?  A preflight, per  
> http://dvcs.w3.org/hg/cors/raw-file/tip/Overview.html#cross-origin-request  
> is done in the following cases:
>
> 1)  The "force preflight" flag is set.
> 2)  The request method is not a simple method.
> 3)  There is an author request header that's not a simple header.
>
> (though it looks to me like item 1 is broken by the actual algorithm for  
> doing a "cross-origin request with preflight"; Anne?)

If you mean that the cache is still honored maybe I should use a different  
name for "force preflight flag". Maybe "force cross-origin request with  
preflight flag"? The point is mostly that we should figure out the server  
if the server supports non-simple cross-origin requests for the given URL.


> In any case, if you're using XHR then #1 is likely not relevant,

Actually it is:  
http://dvcs.w3.org/hg/xhr/raw-file/tip/Overview.html#cross-origin-request-steps


-- 
Anne van Kesteren
http://annevankesteren.nl/

Received on Thursday, 22 December 2011 09:51:39 UTC