On Thu, Feb 19, 2015 at 3:30 AM, Anne van Kesteren <ann...@annevk.nl> wrote: > On Thu, Feb 19, 2015 at 12:17 PM, Dale Harvey <d...@arandomurl.com> wrote: >> With Couch / PouchDB we are working with an existing REST API wherein every >> request is to a different url (which is unlikely to change), the performance >> impact is significant since most of the time is used up by latency, the CORS >> preflight request essentially double the time it takes to do anything > > Yeah, also, it should not be up to us how people design their HTTP > APIs. Limiting HTTP in that way because it is hard to make CORS scale > seems bad. > > > I think we've been too conservative when introducing CORS. It's > effectively protecting content behind a firewall,
...and content that uses user credentials like cookies. / Jonas
