Re: [beacon] CORS and Credentials questions. from Ilya Grigorik on 2014-01-08 (public-web-perf@w3.org from January 2014)

From: Ilya Grigorik <igrigorik@google.com>
Date: Wed, 8 Jan 2014 10:20:51 -0800
To: "doug.turner@gmail.com" <doug.turner@gmail.com>
Cc: Sigbjorn Finne <sof@opera.com>, public-web-perf <public-web-perf@w3.org>, Jonas Sicking <sicking@mozilla.com>, Mike West <mkwst@google.com>
Message-ID: <CADXXVKqTRZNmSDvEvrm5OdrxC_Z3=-jR--+T7pOBEsxsD-3AZw@mail.gmail.com>

On Wed, Jan 8, 2014 at 9:00 AM, doug.turner@gmail.com <doug.turner@gmail.com
> wrote:

> What I understand is (
> https://developer.mozilla.org/en-US/docs/HTTP/Access_control_CORS):
>
> “””
> Also, if POST is used to send request data with a Content-Type other than
> application/x-www-form-urlencoded, multipart/form-data, or text/plain, e.g.
> if the POST request sends an XML payload to the server using
> application/xml or text/xml, then the request is preflighted.
>

It'd be nice if we can avoid preflights. Out of curiosity, why is
"text/plain" considered "safe" whereas "text/xml" is not? Seems completely
arbitrary, and in practice why would I just not mark my XML payloads as
text/plain to avoid extra roundtrip?

Beacon in particular is a bit peculiar in that we don't expect to read the
response, it's just a one way ping...

Received on Wednesday, 8 January 2014 18:21:58 UTC