Re: [CORS] Access-Control-Request-Method

On Wed, Feb 15, 2012 at 4:24 AM, Anne van Kesteren <annevk@opera.com> wrote:
> On Wed, 15 Feb 2012 08:05:36 +0100, Jonas Sicking <jonas@sicking.cc> wrote:
>>
>> Just add the "force preflight flag is unset" condition to only the "is
>> simple method" check. That way a cache hit still counts prevents a
>> preflight even if the force-flag is set.
>>
>> Note that a cache hit can only happen if a preflight-check has been
>> successful *from the requesting origin*. So things should still be
>> safe.
>>
>> At least that's how we have it implemented in Firefox.
>
>
> I think I fixed this now:
>
>  http://dvcs.w3.org/hg/cors/rev/b64d6dd50a2d
>
> The only implication I see is that if the "force preflight flag" was the
> only reason for the preflight, the preflight will always happen.

Why is that? That's not what happens in the firefox implementation.
We'll preflight the first time and then cache the result (if the
maxtime header is set of course)

/ Jonas

Received on Wednesday, 15 February 2012 13:33:26 UTC