A user account is required in order to edit this wiki, but we've had to disable public user registrations due to spam.
To request an account, ask an autoconfirmed user on Chat (such as one of these permanent autoconfirmed members).
HTTP Fetch Policy: Difference between revisions
(add websocket) |
|||
Line 10: | Line 10: | ||
* Never work: CONNECT, TRACE, and TRACK (subset of the above). | * Never work: CONNECT, TRACE, and TRACK (subset of the above). | ||
Author headers: Everything but [http://xhr.spec.whatwg.org/#dom-xmlhttprequest-setrequestheader setRequestHeader()]. | Author headers: Everything but [http://xhr.spec.whatwg.org/#dom-xmlhttprequest-setrequestheader setRequestHeader()] limitations. | ||
Headers: Host, Origin, ... | Headers: Host, Origin, ... |
Revision as of 19:22, 23 March 2013
This document tries to document the platform's fetching policy for HTTP.
Request
General limitations
Methods:
- Uppercased (so e.g. geT becomes GET): CONNECT, DELETE, GET, HEAD, OPTIONS, POST, PUT, TRACE, and TRACK.
- Never work: CONNECT, TRACE, and TRACK (subset of the above).
Author headers: Everything but setRequestHeader() limitations.
Headers: Host, Origin, ...
Body: No limitations
Additional general cross-origin (no preflight) limitations
Methods: Only GET, HEAD, and POST.
Author headers: Only Accept, Accept-Language, Content-Language, and Content-Type. If Content-Type, value excluding parameters must be application/x-www-form-urlencoded, multipart/form-data, or text/plain.
EventSource cross-origin (no preflight) allowance
Headers: Also Last-Event-ID
CSP cross-origin (no preflight) allowance
Headers: Also Content-Type with value application/json
WebSocket cross-origin (no preflight) allowance
Headers: Also Upgrade: websocket, Connection: Upgrade, Sec-WebSocket-Key, Sec-WebSocket-Protocol, Sec-WebSocket-Version
Response
...