You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A good web application framework will discern between a preflight and a non-Preflight request and give the dev an option to handle the non-preflight.
What this dance will do in a browser, since both the nonce-fetching and actual request is
OPTIONS Preflight for the nonce-fetch
nonce-fetch
OPTIONS Preflight for the actual request
actual request
The js client has no access to the preflight response so there's no option to make the preflight the nonce-value vessel. Of course at the point the actual request's preflight the nonce must be incorporated in the request.
(meetecho messed up the list formatting)
fix: since both the nonce-fetching and actual request * are not "simple" requests
Filip Skokan at IETF 122:
A good web application framework will discern between a preflight and a non-Preflight request and give the dev an option to handle the non-preflight.
What this dance will do in a browser, since both the nonce-fetching and actual request is
OPTIONS Preflight for the nonce-fetch
nonce-fetch
OPTIONS Preflight for the actual request
actual request
The js client has no access to the preflight response so there's no option to make the preflight the nonce-value vessel. Of course at the point the actual request's preflight the nonce must be incorporated in the request.
(meetecho messed up the list formatting)
fix: since both the nonce-fetching and actual request * are not "simple" requests
see "simple requests" https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CORS#simple_requests
The text was updated successfully, but these errors were encountered: