Fork me on GitHub
#off-topic
<
2020-05-13
>
Drew Verlee00:05:02

When you make a request from your browser client, if you dont enable cors but you request to a different origin does the browser still make the request but not let you read the response? or does it just block the request? I would think the later, but i can't find a definitive answer.

seancorfield01:05:51

The browser will make an OPTIONS request and if the response to that looks invalid, it will not issue the original (GET, POST, etc) request.

šŸ‘ 4
seancorfield01:05:56

@drewverlee The result of the OPTIONS request is cached, so the browser doesn't have to make both requests every time.

Drew Verlee01:05:14

I'm aware of the browser issueing a preflight request in none simple (a defined set of rules). That's what you mean by options?

Drew Verlee01:05:00

Err, it must be different if it's cacheing it, the preflight is a separate request.

seancorfield01:05:59

I mean literally an OPTIONS HTTP request.

seancorfield01:05:42

The browser sends it automatically prior to a "non-simple" request for XHR. (edited to refer to simple/non-simple per the MDN link I posted below)

seancorfield01:05:41

(that's what the "preflight" request is)

seancorfield01:05:27

So the preflight check is: do we have recent cached permissions for this request? If not, send an OPTIONS request, and cache that result. Look in the cache for the permissions and either perform the original request or not.

seancorfield01:05:30

(I can't remember exactly under what circumstances the browser does the preflight check, whether it's all types of requests or just "destructive" verbs -- I'd have to go look that up)

seancorfield01:05:32

So some POST requests are not preflighted and some GET requests are. TIL: the subtleties of XHR šŸ™‚

seancorfield01:05:16

(ah, so POST requests that are not preflighted would need to be independently protected by cross-site scripting detection etc)

Drew Verlee13:05:16

Gotcha. makes sense.

lilactown19:05:23

executable ASCII diagrams. e.g. a macro that takes an ASCII diagram and creates a state machine / control flow mechanism which can execute within a program. someone has had this idea before. my googling is failing. anyone know of such a thing?

dpsutton19:05:49

i think racket has 2d macro forms

lilactown19:05:20

@dpsutton yess that is in a similar vein to what Iā€™m thinking of

isak21:05:52

Data specification and generation library for Elixir - this reminds me of schema/spec: https://github.com/keathley/norm