[openstreetmap-website] Allow cross-origin request to API (#138)

John Firebaugh notifications at github.com
Mon Oct 22 16:42:03 GMT 2012

The only request headers [permitted](http://www.w3.org/TR/cors/#simple-header) for non-preflighted requests are `Accept`, `Accept-Language`, `Content-Language` and `Content-Type` with certain values. No `Cache-Control`, no `User-Agent`, no `Referer`. So your basic `$.get("http://www.openstreetmap.org/api/...")` or equivalent `$.ajax(...)` will always be preflighted.

Reply to this email directly or view it on GitHub:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20121022/8d352902/attachment.html>

More information about the rails-dev mailing list