Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

"Since the only way (I believe) to get a POST to fire cross-domain, without explicit user interaction through, say, a regular HTML form, is through JavaScript, the browser would refuse to make the request unless the CORS headers explicitly allowed it."

I'm not quite sure what you're trying to say here. But you can make cross-domain POST requests in two ways, both involving JavaScript:

1. Create an HTML form, use JavaScript to submit it.

2. Use XMLHttpRequest to make a cross-domain POST.



Yes: "the only way [...] to get a POST to fire cross-domain [...] is through JavaScript".

The request would go against the same-origin policy, at which point CORS comes into play.

Edit: Ah, but creating a form in the DOM and submitting it via JavaScript... that one I hadn't thought of.


To fire automatically, yes: getting people to click on a button of their own free will is easy though.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: