
Re: Allow custom headers (Websocket API)

From: Florian Bösch <pyalot@gmail.com>
Date: Thu, 5 Feb 2015 14:48:46 +0100
Message-ID: <CAOK8ODgaJyrstr-FaAMmMLjBiWnqzLS2iW1mwTV3nYXS-eq6KQ@mail.gmail.com>
To: Takeshi Yoshino <tyoshino@google.com>
Cc: Anne van Kesteren <annevk@annevk.nl>, Michiel De Mey <de.mey.michiel@gmail.com>, WebApps WG <public-webapps@w3.org>
On Thu, Feb 5, 2015 at 2:44 PM, Takeshi Yoshino <tyoshino@google.com> wrote:

> IIUC, CORS prevents clients from issuing non-simple cross-origin requests
> (even idempotent methods) without verifying that the server understands
> CORS. That's realized by preflight.

Incorrect, the browser will perform idempotent requests (for instance <img>
or XHR GET) across domains without a preflight request. It will however not
make the data available to the client (JavaScript specifically) unless CORS
is satisfied (XHR GET will error out, and <img> will throw a glError on
gl.texImage2D if CORS isn't satisfied).
Received on Thursday, 5 February 2015 13:49:12 UTC
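
Added example, not part of the original message or of any project's code: a simplified JavaScript model of the Fetch Standard's rules for when a browser sends a preflight and when script may read the response. It shows why a server cannot treat CORS as protection for a plain cross-origin GET, which arrives without a preflight even when its response stays unreadable. The origin, the `X-Auth-Token` header and all function names are constructed for illustration; header-value limits and credentialed requests are left out.

```javascript
// Simplified model of the Fetch Standard's CORS safelists (assumption: the
// per-header value and length limits and credentialed mode are omitted).
const SAFELISTED_METHODS = new Set(["GET", "HEAD", "POST"]);
const SAFELISTED_HEADERS = new Set([
  "accept", "accept-language", "content-language", "content-type",
]);
const SAFELISTED_CONTENT_TYPES = new Set([
  "application/x-www-form-urlencoded", "multipart/form-data", "text/plain",
]);

// True when a browser would send an OPTIONS preflight before this request.
function needsPreflight(method, headers = {}) {
  if (!SAFELISTED_METHODS.has(method.toUpperCase())) return true;
  for (const [name, value] of Object.entries(headers)) {
    const lower = name.toLowerCase();
    if (!SAFELISTED_HEADERS.has(lower)) return true; // any custom header
    if (lower === "content-type") {
      const mime = value.split(";")[0].trim().toLowerCase();
      if (!SAFELISTED_CONTENT_TYPES.has(mime)) return true;
    }
  }
  return false;
}

// True when script running on pageOrigin may read the response
// (non-credentialed request; header names given in lower case).
function responseReadable(pageOrigin, responseHeaders) {
  const allow = responseHeaders["access-control-allow-origin"];
  return allow === "*" || allow === pageOrigin;
}

// Combines both checks: did the request reach the server unannounced,
// and can the calling page see the result?
function describe(pageOrigin, request, responseHeaders) {
  return {
    preflight: needsPreflight(request.method, request.headers),
    readable: responseReadable(pageOrigin, responseHeaders),
  };
}

// Constructed sample: plain GET from https://app.example to a server that
// sends no CORS headers. The request is delivered; the response is opaque.
console.log(describe("https://app.example", { method: "GET", headers: {} }, {}));
```

A server that changes state on GET, or that authorises by ambient credentials alone, therefore needs its own origin or token check rather than relying on the absence of CORS headers.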
