If I create an anonymous XHR request, rig it to GET a same-origin resource and
set a custom header, it will trigger a preflight and the same-origin resource
will have to opt in to receiving that custom header? Expected?

var xhr = new XMLHttpRequest({anonymous: true});
xhr.open('GET', '/');
xhr.setRequestHeader('X-foo', '');
xhr.send(); // fails unless same-origin server has CORS enabled and opts-in to
            // X-foo header

At least by my reading of the current spec.
--
Hallvord R. M. Steen
Core tester, Opera Software