W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2012

Re: [CORS] Access-Control-Request-Method

From: Anne van Kesteren <annevk@opera.com>
Date: Wed, 15 Feb 2012 10:24:28 +0100
To: "Jonas Sicking" <jonas@sicking.cc>
Cc: "Boris Zbarsky" <bzbarsky@mit.edu>, public-webapps@w3.org, "Adam Barth" <abarth@gmail.com>, Odin Hørthe Omdal <odinho@opera.com>
Message-ID: <op.v9pq22fd64w2qv@annevk-macbookpro.local>
On Wed, 15 Feb 2012 08:05:36 +0100, Jonas Sicking <jonas@sicking.cc> wrote:
> Just add the "force preflight flag is unset" condition to only the "is
> simple method" check. That way a cache hit still counts prevents a
> preflight even if the force-flag is set.
>
> Note that a cache hit can only happen if a preflight-check has been
> successful *from the requesting origin*. So things should still be
> safe.
>
> At least that's how we have it implemented in Firefox.

I think I fixed this now:

   http://dvcs.w3.org/hg/cors/rev/b64d6dd50a2d

The only implication I see is that if the "force preflight flag" was the  
only reason for the preflight, the preflight will always happen.


(Please disregard the missing "the" I introduced. Already fixed.)


-- 
Anne van Kesteren
http://annevankesteren.nl/
Received on Wednesday, 15 February 2012 09:25:07 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:50 GMT