Re: [beacon] Random comments

On Thu, Dec 19, 2013 at 3:02 AM, Simon Pieters <> wrote:
> Why does this API use a CORS request for cross-origin requests? Since
> there's no way to read the response, it seems pointless. Just always do a
> normal fetch.

The reason we need to involve CORS at all is that the web security
model only allows cross-origin POSTs if the content-type request
header is set to "application/x-www-form-urlencoded",
"multipart/form-data", or "text/plain". However sendBeacon allows
posting arbitrary content types.

We should define though that any CORS errors during the response
should be ignored. If we do that, effectively the only effect of using
CORS is that cross-origin beacons that use a content-type other than
the ones above will require a preflight.

If you use one of the content types above, the fact that we're using
CORS is effectively a no-op.

/ Jonas

Received on Thursday, 19 December 2013 19:44:44 UTC