[openstreetmap-website] Allow cross-origin request to API (#138)
John Firebaugh
notifications at github.com
Mon Oct 22 16:42:03 GMT 2012
The only request headers [permitted](http://www.w3.org/TR/cors/#simple-header) for non-preflighted requests are `Accept`, `Accept-Language`, `Content-Language` and `Content-Type` with certain values. No `Cache-Control`, no `User-Agent`, no `Referer`. So your basic `$.get("http://www.openstreetmap.org/api/...")` or equivalent `$.ajax(...)` will always be preflighted.
---
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/138#issuecomment-9671089
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20121022/8d352902/attachment.html>
More information about the rails-dev
mailing list