W3C home > Mailing lists > Public > public-webapps@w3.org > October to December 2011

Re: [CORS] Access-Control-Request-Method

From: Anne van Kesteren <annevk@opera.com>
Date: Thu, 22 Dec 2011 10:51:05 +0100
To: public-webapps@w3.org, "Boris Zbarsky" <bzbarsky@mit.edu>
Message-ID: <op.v6vxnfnj64w2qv@annevk-macbookpro.local>
On Thu, 22 Dec 2011 05:37:35 +0100, Boris Zbarsky <bzbarsky@mit.edu> wrote:
> What might be confusing the issue is that preflights are not always  
> done, maybe?  A preflight, per  
> http://dvcs.w3.org/hg/cors/raw-file/tip/Overview.html#cross-origin-request  
> is done in the following cases:
>
> 1)  The "force preflight" flag is set.
> 2)  The request method is not a simple method.
> 3)  There is an author request header that's not a simple header.
>
> (though it looks to me like item 1 is broken by the actual algorithm for  
> doing a "cross-origin request with preflight"; Anne?)

If you mean that the cache is still honored maybe I should use a different  
name for "force preflight flag". Maybe "force cross-origin request with  
preflight flag"? The point is mostly that we should figure out the server  
if the server supports non-simple cross-origin requests for the given URL.


> In any case, if you're using XHR then #1 is likely not relevant,

Actually it is:  
http://dvcs.w3.org/hg/xhr/raw-file/tip/Overview.html#cross-origin-request-steps


-- 
Anne van Kesteren
http://annevankesteren.nl/
Received on Thursday, 22 December 2011 09:51:39 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:49 GMT