[CORS] Applying preflight cache to an entire domain? from Monsur Hossain on 2012-04-17 (public-webapps@w3.org from April to June 2012)

From: Monsur Hossain <monsur@gmail.com>
Date: Tue, 17 Apr 2012 16:35:16 -0500
To: public-webapps@w3.org
Message-ID: <CAKSyWQ=CGbzS1wE73gcZBbhMD-khc++rc0H3bxPFwKVaOW2NDQ@mail.gmail.com>

Hi there. The CORS spec currently indicates that the preflight cache should
store preflight responses for a particular origin/request url pair. That
means that multiple requests to different urls on the same domain will
always trigger a preflight, even if the preflight response is exactly the
same for those urls. If a server only accepts a set of well defined http
methods and http headers, then issuing the preflight on different requests
is redundant.

I was wondering if there could be a way for the server to indicate what
scope the preflight applies to? For example, the default could still be to
cache per origin/request-url, but maybe the server could set a special
"Access-Control-Max-Age-Scope: domain" response header to indicate that the
preflight response can be used for any request to the domain. Has anything
like this been considered?

Thanks,
Monsur

Received on Wednesday, 18 April 2012 12:04:06 UTC