- From: Odin Hørthe Omdal <odinho@opera.com>
- Date: Fri, 20 Feb 2015 14:10:30 +0100
- To: Anne van Kesteren <annevk@annevk.nl>, chaals@yandex-team.ru
- Cc: Brad Hill <hillbrad@gmail.com>, henry.story@bblfish.net, WebAppSec WG <public-webappsec@w3.org>
On Fri, Feb 20, 2015, at 11:59, Anne van Kesteren wrote:

> CORS addresses two needs:
>
> 1) Reading the contents of a resource across origins (not possible so
> far)
>
> 2) Allowing more types of fetches (with other methods and headers) to
> be made across origins.
>
> Of those, 1) requires altering the response by including some header
> that indicates sharing the body with the other origin is okay and 2)
> requires a preflight.
>
> The original CORS specification called fetches that did not require a
> preflight "simple", but I have not carried that terminology over into
> Fetch. It is somewhat confusing.

I seem to remember I did a chart showing such a "simple" CORS request:

<http://odin.s0.no/tmp/Hodges_odinho-CORS-Diagram-SimpleRequest.svg>

It wasn't used since it needed some fixes. Which I didn't do, and I also don't remember what they were. :)

I think it might look a bit strange on some machines if you don't have an appropriate font.

It'd be nice to also show a preflight request, and also the case where there is no CORS header from the server (and thus the user agent won't let the page read the "hello world" reply).

--
Odin Hørthe Omdal
odinho@opera.com
Received on Friday, 20 February 2015 13:11:10 UTC
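
The three cases listed in the message (a "simple" request, a preflighted request, and a response with no CORS header), modelled as an added example that is not part of the original message. The function names and the `https://app.example` origin are assumptions, and the "simple" test follows the original CORS specification's definition; Fetch places further limits on header values that are not modelled here.

```javascript
// Simplified model of the user agent's two CORS decisions (added example).
const SIMPLE_METHODS = new Set(["GET", "HEAD", "POST"]);
const SIMPLE_HEADERS = new Set(["accept", "accept-language", "content-language"]);
const SIMPLE_CONTENT_TYPES = new Set([
  "application/x-www-form-urlencoded", "multipart/form-data", "text/plain",
]);

// Need 2: does this cross-origin request require a preflight (OPTIONS) first?
function needsPreflight(method, headers = {}) {
  if (!SIMPLE_METHODS.has(method.toUpperCase())) return true;
  for (const [name, value] of Object.entries(headers)) {
    const n = name.toLowerCase();
    if (SIMPLE_HEADERS.has(n)) continue;
    if (n === "content-type") {
      // Only the MIME type matters; parameters such as charset are ignored.
      const mime = String(value).split(";")[0].trim().toLowerCase();
      if (SIMPLE_CONTENT_TYPES.has(mime)) continue;
    }
    return true; // any other author-set header forces a preflight
  }
  return false;
}

// Need 1: may the page at `origin` read the response body?
function mayReadResponse(origin, responseHeaders = {}, withCredentials = false) {
  const h = {};
  for (const [k, v] of Object.entries(responseHeaders)) h[k.toLowerCase()] = v;
  const allow = h["access-control-allow-origin"];
  if (allow === undefined) return false; // no CORS header: body is not shared
  if (withCredentials) {
    // "*" is not accepted for credentialed requests.
    return allow === origin && h["access-control-allow-credentials"] === "true";
  }
  return allow === "*" || allow === origin;
}

// Constructed sample: the three cases the message lists.
function demo() {
  const origin = "https://app.example"; // hypothetical requesting origin
  return {
    simple: !needsPreflight("GET") &&
      mayReadResponse(origin, { "Access-Control-Allow-Origin": origin }),
    preflighted: needsPreflight("PUT", { "Content-Type": "application/json" }),
    noHeader: mayReadResponse(origin, { "Content-Type": "text/plain" }),
  };
}
```

In the `noHeader` case the request has still been sent and processed by the server; only the read is refused, so a server cannot rely on the absence of CORS headers to protect state-changing endpoints reachable by simple requests.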