- From: <bugzilla@jessica.w3.org>
- Date: Mon, 20 Oct 2014 23:13:41 +0000
- To: public-webapps-bugzilla@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=20322

--- Comment #17 from Jonas Sicking <jonas@sicking.cc> ---

Gecko does not force a preflight for same-origin requests if there's a progress listener. Doing so would likely break a lot of existing content that was written before CORS existed.

However, Gecko does not support redirecting to cross-origin in that case since we generally don't support redirects when a preflight is required. Both because this used to be what the spec required, and because doing anything else used to be impossible due to the design of Gecko's network library.

And yes, I believe the force-preflight flag was added to avoid making it possible to detect servers. I agree it's doubtful if that's really useful. Feel free to reach out to the Mozilla security team to see if they feel comfortable removing this restriction. Obviously other browser vendors might have the same concern.

--
You are receiving this mail because:
You are the QA Contact for the bug.

Received on Monday, 20 October 2014 23:13:43 UTC