whitelist OPTIONS requests?

[Jonathan Price]

Do you guys tend to do this, or should I treat it with the same authentication requirements (i.e. a request token) as other verbs?

[Adam Tuttle]

If it's an AJAX CORS options request, then it should contain the authentication information anyway: that's half the point of the request ("if I changed the verb to {verb}, would this work? also what are acceptable verbs and headers at this URI?")

So my gut says you should enforce the same auth rules for options requests. If the options request fails, it means the following request would fail too.

Adam

On Tue, Jan 20, 2015 at 9:27 PM, Jonathan Price <purit...@gmail.com> wrote:

Do you guys tend to do this, or should I treat it with the same authentication requirements (i.e. a request token) as other verbs?

--
You received this message because you are subscribed to the Google Groups "Taffy Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to taffy-users...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puritan Paul]

Makes sense to me.  I'm having trouble getting Angular to include it in the headers for OPTIONS, and this was my lazy workaround. Thanks.

You received this message because you are subscribed to a topic in the Google Groups "Taffy Users" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/taffy-users/ivYrcTNsKqs/unsubscribe.
To unsubscribe from this group and all its topics, send an email to taffy-users...@googlegroups.com.