W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2012

Re: [CORS] Access-Control-Request-Method

From: Anne van Kesteren <annevk@opera.com>
Date: Wed, 15 Feb 2012 10:24:28 +0100
To: "Jonas Sicking" <jonas@sicking.cc>
Cc: "Boris Zbarsky" <bzbarsky@mit.edu>, public-webapps@w3.org, "Adam Barth" <abarth@gmail.com>, Odin Hørthe Omdal <odinho@opera.com>
Message-ID: <op.v9pq22fd64w2qv@annevk-macbookpro.local>
On Wed, 15 Feb 2012 08:05:36 +0100, Jonas Sicking <jonas@sicking.cc> wrote:
> Just add the "force preflight flag is unset" condition to only the "is
> simple method" check. That way a cache hit still counts prevents a
> preflight even if the force-flag is set.
> Note that a cache hit can only happen if a preflight-check has been
> successful *from the requesting origin*. So things should still be
> safe.
> At least that's how we have it implemented in Firefox.

I think I fixed this now:


The only implication I see is that if the "force preflight flag" was the  
only reason for the preflight, the preflight will always happen.

(Please disregard the missing "the" I introduced. Already fixed.)

Anne van Kesteren
Received on Wednesday, 15 February 2012 09:25:07 UTC

This archive was generated by hypermail 2.3.1 : Friday, 27 October 2017 07:26:38 UTC