[callumjones]

The problem with WS is that is significantly more complex than HTTP when it comes to caching.

With WS you can’t leverage a CDN hosted solution and instead would need some complicated CDN that is aware of state.

I like HTTP because it just works, especially behind buggy corporate and mobile network firewalls.

[pas]

You only cache GET responses, no? For those you don't need CORS anyway, and anything that's user specific should remain strictly between you and the user, right? (And for that WSS is perfect.)

[al2o3cr]

> For those you don't need CORS anyway

CORS is needed for GET if the request needs to send headers like `Authorization`, AFAIK

[lostcolony]

Yes. There are a few safelisted headers (and relatedly, content-types) that do not trigger a pre-flight; any GET that uses something outside of them (such as 'authorization") gets preflighted.

[mr_toad]

Yes, here’s a full list

https://developer.mozilla.org/en-US/docs/Glossary/Forbidden_...