On Wed, Mar 18, 2009 at 1:04 PM, Alexey Proskuryakov <ap@webkit.org> wrote: > Per the current XHR2 spec draft, upload progress events are not sent if the > cross-origin request didn't do preflight. What is the rationale behind this > requirement? > > I used to think that this was necessary to prevent port scans of internal > networks, but that can be done via other mechanisms anyway, as far as I > know. It can, though potentially not as reliably. And it's also something we'd like to fix. In other words, port-scanning of intranets isn't something I'd like to build into the standard. Especially when protection for it comes at a relatively low cost. Low enough that it's very doubtful authors will ever notice this. / JonasReceived on Wednesday, 18 March 2009 23:49:20 GMT
This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:30 GMT