W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2012

[CORS] Applying preflight cache to an entire domain?

From: Monsur Hossain <monsur@gmail.com>
Date: Tue, 17 Apr 2012 16:35:16 -0500
Message-ID: <CAKSyWQ=CGbzS1wE73gcZBbhMD-khc++rc0H3bxPFwKVaOW2NDQ@mail.gmail.com>
To: public-webapps@w3.org
Hi there. The CORS spec currently indicates that the preflight cache should
store preflight responses for a particular origin/request url pair. That
means that multiple requests to different urls on the same domain will
always trigger a preflight, even if the preflight response is exactly the
same for those urls. If a server only accepts a set of well defined http
methods and http headers, then issuing the preflight on different requests
is redundant.

I was wondering if there could be a way for the server to indicate what
scope the preflight applies to? For example, the default could still be to
cache per origin/request-url, but maybe the server could set a special
"Access-Control-Max-Age-Scope: domain" response header to indicate that the
preflight response can be used for any request to the domain. Has anything
like this been considered?

Received on Wednesday, 18 April 2012 12:04:06 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 20 October 2015 13:55:50 UTC