<blockquote>
<p>Not sure what you mean by this. Cross-origin GET requests are subject to the same origin policy, so the map call does need OPTIONS support.</p>
</blockquote>

<p>Not true - requests using GET (or POST with certain content types) do not need a pre-flight OPTIONS check. See:</p>

<p><a href="http://en.wikipedia.org/wiki/Cross-origin_resource_sharing#How_CORS_works">http://en.wikipedia.org/wiki/Cross-origin_resource_sharing#How_CORS_works</a><br><a href="https://developer.mozilla.org/en-US/docs/HTTP_access_control#Preflighted_requests">https://developer.mozilla.org/en-US/docs/HTTP_access_control#Preflighted_requests</a><br><a href="http://www.w3.org/TR/cors/#resource-preflight-requests">http://www.w3.org/TR/cors/#resource-preflight-requests</a></p>

            <p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">
              —<br>
              Reply to this email directly or <a href='https://github.com/openstreetmap/openstreetmap-website/pull/138#issuecomment-9669834'>view it on GitHub</a>.
            </p>
            <img src='https://github.com/notifications/beacon/J6T91GIPIyhU-8ti4GCGP98_UZTRAhtyIjAjorWDZ_nWu82uFyvlCuklzUHbr5qR.gif' height='1' width='1'>