- From: Hallvord Reiar Michaelsen Steen <hallvord@opera.com>
- Date: Wed, 08 May 2013 14:07:57 +0200
- To: public-webapps <public-webapps@w3.org>
If create an anonymous XHR request, rig it to GET a same-origin resource and set a custom header, it will trigger a preflight and the same-origin resource will have to opt in to receiving that custom header? Expected?
var xhr=new XMLHttpRequest({anonymous:true})
xhr.open('GET', '/')
xhr.setRequestHeader('X-foo', '')
xhr.send() // fails unless same-origin server has CORS enabled and opts-in to X-foo header
At least by my reading of the current spec.
--
Hallvord R. M. Steen
Core tester, Opera Software
Received on Wednesday, 8 May 2013 12:08:30 UTC