W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2012

Re: [CORS] Access-Control-Request-Method

From: Jonas Sicking <jonas@sicking.cc>
Date: Wed, 15 Feb 2012 08:32:20 -0500
Message-ID: <CA+c2ei9UxzaLMFB8bkNgUGWbrqbdFdpqiZEy3wHDsQooVzNZWw@mail.gmail.com>
To: Anne van Kesteren <annevk@opera.com>
Cc: Boris Zbarsky <bzbarsky@mit.edu>, public-webapps@w3.org, Adam Barth <abarth@gmail.com>, Odin HÝrthe Omdal <odinho@opera.com>
On Wed, Feb 15, 2012 at 4:24 AM, Anne van Kesteren <annevk@opera.com> wrote:
> On Wed, 15 Feb 2012 08:05:36 +0100, Jonas Sicking <jonas@sicking.cc> wrote:
>>
>> Just add the "force preflight flag is unset" condition to only the "is
>> simple method" check. That way a cache hit still counts prevents a
>> preflight even if the force-flag is set.
>>
>> Note that a cache hit can only happen if a preflight-check has been
>> successful *from the requesting origin*. So things should still be
>> safe.
>>
>> At least that's how we have it implemented in Firefox.
>
>
> I think I fixed this now:
>
> †http://dvcs.w3.org/hg/cors/rev/b64d6dd50a2d
>
> The only implication I see is that if the "force preflight flag" was the
> only reason for the preflight, the preflight will always happen.

Why is that? That's not what happens in the firefox implementation.
We'll preflight the first time and then cache the result (if the
maxtime header is set of course)

/ Jonas
Received on Wednesday, 15 February 2012 13:33:26 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:50 GMT