On Thu, Feb 19, 2015 at 5:29 AM, Anne van Kesteren wrote:
> When the user agent is about to make its first preflight to an origin
> (timeout up to the user agent), it first makes a preflight that looks
> like:
>
> OPTIONS *
> Access-Control-Request-Origin-Wide-Cache: [origin]
> Access-Contro
Dale Harvey wrote:
>> I believe none of these require preflight unless a mistake is being
>> made (probably setting Content-Type on GET requests).
>
> http://www.w3.org/TR/cors/#preflight-result-cache-0
>
> If the cache is against the url, and we are sending requests to different
> urls, wont requ
On Thu, Feb 19, 2015 at 4:49 AM, Dale Harvey wrote:
>> so presumably it is OK to set the Content-Type to text/plain
>
> Thats not ok, but may explain my confusion, is Content-Type considered a
> Custom Header that will always trigger a preflight?
To be clear, my comment was about POST requests to
Dale Harvey wrote:
> The REST api pretty much by design means a unique url per request
CouchDB has http://wiki.apache.org/couchdb/HTTP_Bulk_Document_API,
which allows you to fetch or edit and create multiple documents at
once, with one HTTP request. CouchDB's documentation says you're
supposed to
Dale Harvey wrote:
> With Couch / PouchDB we are working with an existing REST API wherein every
> request is to a different url (which is unlikely to change), the performance
> impact is significant since most of the time is used up by latency, the CORS
> preflight request essentially double the
On Thu, Feb 19, 2015 at 2:45 AM, Anne van Kesteren wrote:
> On Thu, Feb 19, 2015 at 11:43 AM, Brian Smith wrote:
>> 1. Preflight is only necessary for a subset of CORS requests.
>> Preflight is never done for GET or HEAD, and you can avoid preflight
>> for POST requests by m
Anne van Kesteren wrote:
> Concerns raised by Monsur
> https://lists.w3.org/Archives/Public/public-webapps/2012AprJun/0260.html
> and others before him are still valid.
>
> When you have an HTTP API on another origin you effectively get a huge
> performance penalty. Even with caching of preflights
On Fri, Aug 1, 2014 at 5:37 AM, Mike West wrote:
> On Thu, Jul 31, 2014 at 6:37 PM, Brian Smith wrote:
>> particular, if we are worried about XSS stealing passwords then we
>> have to consider the possibility that XSS has inserted a form without
>> any httponly attribu
On Thu, Jul 31, 2014 at 9:37 AM, Brian Smith wrote:
> Web browsers with sandboxed child processes have the networking logic
> in the more-privileged parent process. The purpose of sandboxing is to
> protect against exploits in the child process. It would be useful for
> the proce
On Thu, Jul 31, 2014 at 8:19 AM, Jacob S Hoffman-Andrews wrote:
> I'd say there are approximately three styles for login form submission:
> A) No JS. A with some 's that gets submitted when
> you click an .
> B) Some JS. A that gets submitted by JS calling form.submit().
> C) All JS. A set of
10 matches
Mail list logo