[CORS] Preflight algorithm and content types from Alexey Proskuryakov on 2009-03-16 (public-webapps@w3.org from January to March 2009)

From: Alexey Proskuryakov <ap@webkit.org>
Date: Mon, 16 Mar 2009 14:43:36 +0300
To: public-webapps <public-webapps@w3.org>
Message-Id: <EC04C6CA-F71B-4C80-AE4D-F0485FBB6324@webkit.org>

Per the current CORS spec draft, cross-origin request with preflight  
algorithm is followed if Content-Type is set, and it is not one of the  
three predefined types. However, the preflight algorithm itself  
immediately decides to skip preflight if these conditions are true:

  * For request method there either is a method cache match or it is a  
simple method.
  * For every header field name of custom request headers there either  
is a header cache match or it is a simple header.

It seems that a check for content type should be added here, as well.

- WBR, Alexey Proskuryakov

Received on Monday, 16 March 2009 11:44:13 UTC