jeena/en.javascript.info
1
0
Fork 0
Code Issues Pull requests Projects Packages Wiki Activity Actions

fix

Browse source
This commit is contained in:
Ilya Kantor 2019-05-15 14:14:52 +03:00
parent 1072055fdc
commit 0d2fc22af8
1 changed files with 3 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

6
5-network/04-fetch-crossorigin/article.md
View file

@ -198,7 +198,7 @@ A preflight request uses method `OPTIONS` and has no body.
If the server agrees to serve the requests, then it should respond with status 200, without body. If the server agrees to serve the requests, then it should respond with status 200, without body.
- The response header `Access-Control-Allow-Method` must have the allowed method. - The response header `Access-Control-Allow-Methods` must have the allowed method.
- The response header `Access-Control-Allow-Headers` must have a list of allowed headers. - The response header `Access-Control-Allow-Headers` must have a list of allowed headers.
- Additionally, the header `Access-Control-Max-Age` may specify a number of seconds to cache the permissions. So the browser won't have to send a preflight for subsequent requests that satisfy given permissions. - Additionally, the header `Access-Control-Max-Age` may specify a number of seconds to cache the permissions. So the browser won't have to send a preflight for subsequent requests that satisfy given permissions.
@ -243,7 +243,7 @@ Access-Control-Request-Headers: Content-Type,API-Key
### Step 2 (preflight response) ### Step 2 (preflight response)
The server should respond with status 200 and headers: The server should respond with status 200 and headers:
- `Access-Control-Allow-Method: PATCH` - `Access-Control-Allow-Methods: PATCH`
- `Access-Control-Allow-Headers: Content-Type,API-Key`. - `Access-Control-Allow-Headers: Content-Type,API-Key`.
That would allow future communication, otherwise an error is triggered. That would allow future communication, otherwise an error is triggered.
@ -364,7 +364,7 @@ Additionally, if JavaScript wants no access non-simple response headers:
- `Access-Control-Request-Method` has requested method. - `Access-Control-Request-Method` has requested method.
- `Access-Control-Request-Headers` lists non-simple requested headers - `Access-Control-Request-Headers` lists non-simple requested headers
- ← The server should respond with status 200 and headers: - ← The server should respond with status 200 and headers:
- `Access-Control-Allow-Method` with a list of allowed methods, - `Access-Control-Allow-Methods` with a list of allowed methods,
- `Access-Control-Allow-Headers` with a list of allowed headers, - `Access-Control-Allow-Headers` with a list of allowed headers,
- `Access-Control-Max-Age` with a number of seconds to cache permissions. - `Access-Control-Max-Age` with a number of seconds to cache permissions.
- Then the actual request is sent, the previous "simple" scheme is applied. - Then the actual request is sent, the previous "simple" scheme is applied.