ISSUE-31: Allow POST without a preflight with headers in a whitelist

post without preflight?

Allow POST without a preflight with headers in a whitelist

State:
CLOSED
Product:
HISTORICAL: CORS [this spec uses Bugzilla for Bug/Issue tracking http://tinyurl.com/Bugz-CORS]
Raised by:
Samuel Weinig
Opened on:
2008-07-02
Description:
Currently, only a GET request (with headers in a whitelist) is allowed to do a request without a preflight, but allowing POST as well would put it inline with what is possible in XDR as well as old fashion form submissions. The one difference would be that the content-type can be set, which may be of concern. Apparently, Flash has allowed cross-domain post requests with non-text/plain content type without issue.
Related Actions Items:
No related actions
Related emails:
  1. Re: [access-control] Seeking Clarification and Status of Issues #25, #26, #29, #30, #31 and #32 (from art.barstow@nokia.com on 2008-10-16)
  2. Re: [access-control] Seeking Clarification and Status of Issues #25, #26, #29, #30, #31 and #32 (from jonas@sicking.cc on 2008-10-09)
  3. [access-control] Seeking Clarification and Status of Issues #25, #26, #29, #30, #31 and #32 (from art.barstow@nokia.com on 2008-10-09)
  4. [access-control] Issue list (from annevk@opera.com on 2008-07-08)

Related notes:

We should probably only do this if we do in fact consider it safe enough that the content-type can be set to arbitrary values by script. Otherwise we just encourage people to lie and use 'text/plain'

Jonas Sicking, 2 Jul 2008, 20:03:50

Closed. See thread starting at: http://lists.w3.org/Archives/Public/public-webapps/2008OctDec/0076.html

Arthur Barstow, 21 Oct 2008, 16:10:52

Display change log ATOM feed


Chair, Staff Contact
Tracker: documentation, (configuration for this group), originally developed by Dean Jackson, is developed and maintained by the Systems Team <w3t-sys@w3.org>.
$Id: 31.html,v 1.1 2016/01/25 10:26:20 carine Exp $