Re: [CORS] Access-Control-Request-Method

On Wed, 15 Feb 2012 08:05:36 +0100, Jonas Sicking <> wrote:
> Just add the "force preflight flag is unset" condition to only the "is
> simple method" check. That way a cache hit still counts prevents a
> preflight even if the force-flag is set.
> Note that a cache hit can only happen if a preflight-check has been
> successful *from the requesting origin*. So things should still be
> safe.
> At least that's how we have it implemented in Firefox.

I think I fixed this now:

The only implication I see is that if the "force preflight flag" was the  
only reason for the preflight, the preflight will always happen.

(Please disregard the missing "the" I introduced. Already fixed.)

Anne van Kesteren

Received on Wednesday, 15 February 2012 09:25:07 UTC