Ah thank you! I agree that url canonicalization is a difficult issue to
solve. FWIW, I was envisioning something much simpler. The CORS spec makes
it clear that cache lookup should be done by origin and request url. So
instead of specifying a url to this Access-Control-Policy-Path header, it
would be just one of three values:

   - "url" - (default behavior) Cache lookup is done by origin and request
   url, as the spec indicates now
   - "origin" - Cache lookup is done by origin only. Preflight response
   applies to any request from this origin.
   - "any" - Cache lookup applies to *any* origin making requests to the

This would fit in with the current preflight caching model while still
allowing some flexibility to servers implementing CORS.


On Wed, Apr 18, 2012 at 7:16 AM, Anne van Kesteren <ann...@opera.com> wrote:

> On Tue, 17 Apr 2012 23:35:16 +0200, Monsur Hossain <mon...@gmail.com>
> wrote:
>> Hi there. The CORS spec currently indicates that the preflight cache
>> should
>> store preflight responses for a particular origin/request url pair. That
>> means that multiple requests to different urls on the same domain will
>> always trigger a preflight, even if the preflight response is exactly the
>> same for those urls. If a server only accepts a set of well defined http
>> methods and http headers, then issuing the preflight on different requests
>> is redundant.
>> I was wondering if there could be a way for the server to indicate what
>> scope the preflight applies to? For example, the default could still be
>> to cache per origin/request-url, but maybe the server could set a special
>> "Access-Control-Max-Age-Scope: domain" response header to indicate that
>> the preflight response can be used for any request to the domain. Has
>> anything like this been considered?
> Yes.
> http://lists.w3.org/Archives/**Public/public-appformats/**
> 2008May/0039.html<http://lists.w3.org/Archives/Public/public-appformats/2008May/0039.html>
> --
> Anne van Kesteren
> http://annevankesteren.nl/

Reply via email to