SSE; hixie: Mention CORS in text/event-stream security considerations. (whatwg r6369) from poot on 2011-08-04 (public-html-diffs@w3.org from August 2011)

From: poot <cvsmail@w3.org>
Date: Thu, 04 Aug 2011 17:43:08 -0400
To: public-html-diffs@w3.org
Message-Id: <E1Qp5h6-0004HD-HO@jay.w3.org>

SSE; hixie: Mention CORS in text/event-stream security considerations.
(whatwg r6369)

http://dev.w3.org/cvsweb/html5/eventsource/Overview.html?r1=1.184&r2=1.185&f=h
http://html5.org/tools/web-apps-tracker?from=6368&to=6369

===================================================================
RCS file: /sources/public/html5/eventsource/Overview.html,v
retrieving revision 1.184
retrieving revision 1.185
diff -u -d -r1.184 -r1.185
--- Overview.html 28 Jul 2011 01:29:19 -0000 1.184
+++ Overview.html 4 Aug 2011 21:43:02 -0000 1.185
@@ -213,7 +213,7 @@
 
    <h1>Server-Sent Events</h1>
    
-   <h2 class="no-num no-toc" id="editor-s-draft-28-july-2011">Editor's Draft 28 July 2011</h2>
+   <h2 class="no-num no-toc" id="editor-s-draft-4-august-2011">Editor's Draft 4 August 2011</h2>
    <dl><dt>Latest Published Version:</dt>
     <dd><a href="http://www.w3.org/TR/eventsource/">http://www.w3.org/TR/eventsource/</a></dd>
     <dt>Latest Editor's Draft:</dt>
@@ -321,7 +321,7 @@
   </dl><p>The W3C <a href="http://www.w3.org/2008/webapps/">Web Applications
   Working Group</a> is the W3C working group responsible for this
   specification's progress along the W3C Recommendation track.
-  This specification is the 28 July 2011 Editor's Draft.
+  This specification is the 4 August 2011 Editor's Draft.
   </p><p>This document was produced by a group operating under the <a href="http://www.w3.org/Consortium/Patent-Policy-20040205/">5
   February 2004 W3C Patent Policy</a>. W3C maintains a <a href="http://www.w3.org/2004/01/pp-impl/42538/status" rel="disclosure">public list of
   any patent disclosures</a> made in connection with the deliverables
@@ -919,7 +919,8 @@
 
     <p>An event stream from an origin distinct from the origin of the
     content consuming the event stream can result in information
-    leakage. To avoid this, user agents are required to  block all cross-origin loads. </p>
+    leakage. To avoid this, user agents are required to apply CORS
+    semantics. <a href="#refsCORS">[CORS]</a></p>
 
     <p>Event streams can overwhelm a user agent; a user agent is
     expected to apply suitable restrictions to avoid depleting local

Received on Thursday, 4 August 2011 21:43:09 UTC