[openstreetmap-website] Allow cross-origin request to API (#138)

Tom Hughes notifications at github.com
Mon Oct 22 16:10:49 GMT 2012


> Not sure what you mean by this. Cross-origin GET requests are subject to the same origin policy, so the map call does need OPTIONS support.

Not true - requests using GET (or POST with certain content types) do not need a pre-flight OPTIONS check. See:

http://en.wikipedia.org/wiki/Cross-origin_resource_sharing#How_CORS_works
https://developer.mozilla.org/en-US/docs/HTTP_access_control#Preflighted_requests
http://www.w3.org/TR/cors/#resource-preflight-requests

---
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/138#issuecomment-9669834
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20121022/896f5293/attachment.html>


More information about the rails-dev mailing list