ISSUE-31: Allow POST without a preflight with headers in a whitelist
post without preflight?
Allow POST without a preflight with headers in a whitelist
- State:
- CLOSED
- Product:
- HISTORICAL: CORS [this spec uses Bugzilla for Bug/Issue tracking http://tinyurl.com/Bugz-CORS]
- Raised by:
- Samuel Weinig
- Opened on:
- 2008-07-02
- Description:
- Currently, only a GET request (with headers in a whitelist) is allowed to do a request without a preflight, but allowing POST as well would put it inline with what is possible in XDR as well as old fashion form submissions. The one difference would be that the content-type can be set, which may be of concern. Apparently, Flash has allowed cross-domain post requests with non-text/plain content type without issue.
- Related Actions Items:
- No related actions
- Related emails:
- Re: [access-control] Seeking Clarification and Status of Issues #25, #26, #29, #30, #31 and #32 (from art.barstow@nokia.com on 2008-10-16)
- Re: [access-control] Seeking Clarification and Status of Issues #25, #26, #29, #30, #31 and #32 (from jonas@sicking.cc on 2008-10-09)
- [access-control] Seeking Clarification and Status of Issues #25, #26, #29, #30, #31 and #32 (from art.barstow@nokia.com on 2008-10-09)
- [access-control] Issue list (from annevk@opera.com on 2008-07-08)
Related notes:
We should probably only do this if we do in fact consider it safe enough that the content-type can be set to arbitrary values by script. Otherwise we just encourage people to lie and use 'text/plain'
Jonas Sicking, 2 Jul 2008, 20:03:50Closed. See thread starting at: http://lists.w3.org/Archives/Public/public-webapps/2008OctDec/0076.html
Arthur Barstow, 21 Oct 2008, 16:10:52Display change log