| ▲ | n_e 7 hours ago | |
Interestingly, despite the QUERY request being safe, the RFC says it's subject to preflight requests: > A QUERY request from user agents implementing Cross-Origin Resource Sharing (CORS) will require a "preflight" request, as QUERY does not belong to the set of CORS-safelisted methods (see [FETCH]). | ||
| ▲ | CodesInChaos 7 hours ago | parent [-] | |
That paragraph merely describes how existing browsers behave, it doesn't specify how future browsers must behave. After all, a HTTP RFC isn't really the right place to specify browser specific behavior like CORS, that belongs in a W3C/WHATWG specification. | ||