Re: [fetch] RFC: a mechanism to bypass CORS preflight (#210)

FWIW - an origin-wide preflight would be helpful (if limited), I think.

Right now, CORS preflights "punch through" reverse proxies (like Varnish) and CDNs (like Akamai) to the origin, because CORS caching is only designed for browsers; for example, there's no way to tell if a response can be reused for another client, or whether it's specific to the request it's associated with.

While ad hoc / proprietary ways to cache CORS preflights could be defined, the authoring experience would be pretty horrid (because it'd be up to which reverse proxy / CDN you use).

My draft was trying to define a generic way to handle OPTIONS caching, so that any other use of OPTIONS would also benefit. By making OPTIONS responses "normal" HTTP responses, you can use any existing HTTP caching mechanism on it (Cache-Control, Expires, Vary, Key, If-Modified-Since, invalidation mechanisms, etc.). 


---
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/210#issuecomment-178269098

Received on Tuesday, 2 February 2016 00:12:43 UTC