Hi Thomas and everyone,
So I realize that I'm not quite understanding your previous mail. It
sounds like you have some alternative proposal in mind which I'm not
following.
So let me start by stating my concerns:
My concern with the current spec is that once a server in the pre-flight
request has opted in to the Access-Control spec, it is not going to be
able to "correctly" handle all the possible requests that are enabled by
the opt-in. With "correctly" here defined as what the server operator
had in mind when opting in.
I have this concern since currently opting in means that you have to
deal with all possible combinations of all valid http headers and http
methods.
There is currently no way for the server operator to opt in without also
having to deal with this.
In the initial mail in this thread I had a proposal to address this
concern. At the cost of some complexity in the client.
It sounds like you have a counter proposal. Before you describe this
proposal, I have four questions:
What is the purpose of the proposal?
Does this proposal still address all or part of my above concern?
Is it simpler than my proposal?
Is it simpler than the current spec?
And then finally I'm of course interested to hear what your proposal
actually is :)
Best Regards,
/ Jonas
