- From: Simon Pieters <simonp@opera.com>
- Date: Thu, 19 Dec 2013 22:08:04 +0100
- To: "Jonas Sicking" <jonas@sicking.cc>
- Cc: "public-web-perf@w3.org" <public-web-perf@w3.org>
On Thu, 19 Dec 2013 20:43:42 +0100, Jonas Sicking <jonas@sicking.cc> wrote: > On Thu, Dec 19, 2013 at 3:02 AM, Simon Pieters <simonp@opera.com> wrote: >> Why does this API use a CORS request for cross-origin requests? Since >> there's no way to read the response, it seems pointless. Just always do >> a >> normal fetch. > > The reason we need to involve CORS at all is that the web security > model only allows cross-origin POSTs if the content-type request > header is set to "application/x-www-form-urlencoded", > "multipart/form-data", or "text/plain". However sendBeacon allows > posting arbitrary content types. > > We should define though that any CORS errors during the response > should be ignored. If we do that, effectively the only effect of using > CORS is that cross-origin beacons that use a content-type other than > the ones above will require a preflight. > > If you use one of the content types above, the fact that we're using > CORS is effectively a no-op. I see, thanks. -- Simon Pieters Opera Software
Received on Thursday, 19 December 2013 21:08:35 UTC