Even more on the subject and related to the posts and information kindly given by Sander Elias.
> it is impossible to avoid a preflight on PUT/DELETE requests > If your API returns JSON, note that a Content-Type of 'application/json' also > triggers a preflight. And the author ends by saying: > There's very little you can do to limit preflights over the course of a long > running app. I'm hopeful the authors of the CORS spec will try to address > this in the future. So all these points make no sense because the only thing that matters is that the content type will always be application/json. This is so frustrating. How does all other api work? like google maps and stuff like that? I bet they get away with no pre-flight :-) Franky Diaz-Trepat Full Stack Engineer +1 (720) 295-0592 / 401-1276 skype: franky.diaz.trepat fra...@continu.co > On Jun 12, 2015, at 3:42 AM, Franky Diaz-Trepat <fra...@continu.co> wrote: > > I don’t think so. They are subordinates of the same domain. > > Domain names are organized in subordinate levels (subdomains) of the DNS root > <https://en.wikipedia.org/wiki/DNS_root> domain, which is nameless. > > Then com. then mydomain then subordinates to mydomain like app api app2 these > are all subordinates within my organization. > > Never mind that now. The concept of CORS is heavily pointed towards having > one site like app.domain.co <http://app.domain.co/> ask RESTRICTED resources > from another domain like js.yahoo.com <http://js.yahoo.com/>. > > The fact that only Chrome and Firefox, and in Firefox you can whitelist > sub-domains might also be something worth noting in this discussion. > > Franky Diaz-Trepat > Full Stack Engineer > +1 (720) 295-0592 / 401-1276 > skype: franky.diaz.trepat > fra...@continu.co <mailto:fra...@continu.co> >> On Jun 11, 2015, at 10:09 PM, John Maxwell <j...@jmaxhome.com >> <mailto:j...@jmaxhome.com>> wrote: >> >> On 06/11/2015 09:30:28 PM, Franky Diaz-Trepat wrote: >>> I don’t understand how app.mydomain.com <http://app.mydomain.com/> >>> <http://app.mydomain.com/ <http://app.mydomain.com/>> and api.mydomain.com >>> <http://api.mydomain.com/> <http://api.mydomain.com/ >>> <http://api.mydomain.com/>> >>> 1-A restricted resource >>> 2- ANOTHER DOMAIN >> >> Can't help with most of your questions, but I'd like to point out that >> "app.mydomain.com <http://app.mydomain.com/>" and "api.mydomain.com >> <http://api.mydomain.com/>" are indeed separate domains. The fact that >> they're both sub-domains of the domain "mydomain.com <http://mydomain.com/>" >> doesn't change that. So there's that much of your problem. >> >> -John >> >> -- >> John Maxwell KB3VLL j...@jmaxhome.com <mailto:j...@jmaxhome.com> >> >> For those who like this sort of thing, this is the sort of thing they >> like. >> >> -- >> You received this message because you are subscribed to a topic in the >> Google Groups "AngularJS" group. >> To unsubscribe from this topic, visit >> https://groups.google.com/d/topic/angular/8krFnmC_Svs/unsubscribe >> <https://groups.google.com/d/topic/angular/8krFnmC_Svs/unsubscribe>. >> To unsubscribe from this group and all its topics, send an email to >> angular+unsubscr...@googlegroups.com >> <mailto:angular+unsubscr...@googlegroups.com>. >> To post to this group, send email to angular@googlegroups.com >> <mailto:angular@googlegroups.com>. >> Visit this group at http://groups.google.com/group/angular >> <http://groups.google.com/group/angular>. >> For more options, visit https://groups.google.com/d/optout >> <https://groups.google.com/d/optout>. > -- You received this message because you are subscribed to the Google Groups "AngularJS" group. To unsubscribe from this group and stop receiving emails from it, send an email to angular+unsubscr...@googlegroups.com. To post to this group, send email to angular@googlegroups.com. Visit this group at http://groups.google.com/group/angular. For more options, visit https://groups.google.com/d/optout.
