- From: Jonas Sicking <jonas@sicking.cc>
- Date: Thu, 19 Dec 2013 11:43:42 -0800
- To: Simon Pieters <simonp@opera.com>
- Cc: "public-web-perf@w3.org" <public-web-perf@w3.org>
On Thu, Dec 19, 2013 at 3:02 AM, Simon Pieters <simonp@opera.com> wrote: > Why does this API use a CORS request for cross-origin requests? Since > there's no way to read the response, it seems pointless. Just always do a > normal fetch. The reason we need to involve CORS at all is that the web security model only allows cross-origin POSTs if the content-type request header is set to "application/x-www-form-urlencoded", "multipart/form-data", or "text/plain". However sendBeacon allows posting arbitrary content types. We should define though that any CORS errors during the response should be ignored. If we do that, effectively the only effect of using CORS is that cross-origin beacons that use a content-type other than the ones above will require a preflight. If you use one of the content types above, the fact that we're using CORS is effectively a no-op. / Jonas
Received on Thursday, 19 December 2013 19:44:44 UTC