This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2020-05-13
Channels
- # announcements (5)
- # babashka (35)
- # beginners (65)
- # braveandtrue (3)
- # calva (20)
- # cider (6)
- # clara (11)
- # cljs-dev (36)
- # cljsrn (64)
- # clojure (65)
- # clojure-europe (6)
- # clojure-germany (13)
- # clojure-italy (14)
- # clojure-nl (22)
- # clojure-spec (16)
- # clojure-sweden (6)
- # clojure-uk (81)
- # clojurescript (71)
- # conjure (120)
- # cursive (3)
- # datomic (10)
- # events (4)
- # figwheel (4)
- # figwheel-main (5)
- # fulcro (36)
- # ghostwheel (1)
- # graalvm (8)
- # helix (9)
- # jobs (4)
- # jobs-discuss (12)
- # kaocha (33)
- # leiningen (5)
- # luminus (1)
- # off-topic (24)
- # pathom (7)
- # rdf (4)
- # re-frame (3)
- # reagent (15)
- # reitit (11)
- # remote-jobs (1)
- # shadow-cljs (97)
- # slack-help (3)
- # spacemacs (23)
- # vim (15)
- # xtdb (35)
When you make a request from your browser client, if you dont enable cors but you request to a different origin does the browser still make the request but not let you read the response? or does it just block the request? I would think the later, but i can't find a definitive answer.
The browser will make an OPTIONS request and if the response to that looks invalid, it will not issue the original (GET, POST, etc) request.
@drewverlee The result of the OPTIONS request is cached, so the browser doesn't have to make both requests every time.
I'm aware of the browser issueing a preflight request in none simple (a defined set of rules). That's what you mean by options?
Err, it must be different if it's cacheing it, the preflight is a separate request.
I mean literally an OPTIONS HTTP request.
The browser sends it automatically prior to a "non-simple" request for XHR. (edited to refer to simple/non-simple per the MDN link I posted below)
(that's what the "preflight" request is)
So the preflight check is: do we have recent cached permissions for this request? If not, send an OPTIONS request, and cache that result. Look in the cache for the permissions and either perform the original request or not.
Make sense?
(I can't remember exactly under what circumstances the browser does the preflight check, whether it's all types of requests or just "destructive" verbs -- I'd have to go look that up)
It explains here where CORS is bypassed: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#Simple_requests
So some POST requests are not preflighted and some GET requests are. TIL: the subtleties of XHR š
(ah, so POST requests that are not preflighted would need to be independently protected by cross-site scripting detection etc)
Gotcha. makes sense.
executable ASCII diagrams. e.g. a macro that takes an ASCII diagram and creates a state machine / control flow mechanism which can execute within a program. someone has had this idea before. my googling is failing. anyone know of such a thing?
https://github.com/semperos/rankle/blob/master/test/com/semperos/rankle/util_test.clj#L33-L36
from this talk: https://www.youtube.com/watch?v=b5UK-VHbJlQ&list=PLZdCLR02grLpMkEBXT22FTaJYxB92i3V3&index=20
this seems close, https://github.com/cdorrat/reduce-fsm
Data specification and generation library for Elixir - this reminds me of schema/spec: https://github.com/keathley/norm