W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2009

Re: [XHR2] Upload progress events and simple cross-origin requests

From: Alexey Proskuryakov <ap@webkit.org>
Date: Thu, 19 Mar 2009 21:17:57 +0300
Cc: Ian Hickson <ian@hixie.ch>, public-webapps <public-webapps@w3.org>
Message-Id: <EE0D74F6-CC26-41DB-88CD-31E9AA711807@webkit.org>
To: Jonas Sicking <jonas@sicking.cc>

19.03.2009, Χ 21:00, Jonas Sicking ΞΑΠΙΣΑΜ(Α):

> While I agree that there are other ways of doing this, I think I'd
> have a really hard time selling a feature that explicitly allows port
> scanning to our security team. Especially when there is an easy
> remedy.


The price comes mainly in the form of developer time - first, they  
will be inconvenienced by arbitrary restrictions on when they can  
install event listeners, and then (but more significantly), they'll  
have to implement OPTIONS server-side, even if they didn't need it  
otherwise. There is also some price in performance due to making a  
preflight request, although I guess it's negligible in cases when  
upload progress events will be used. Finally, there can potentially be  
a compatibility problem if some proxy is not configured to pass  
OPTIONS requests, but I do not have any data on whether that's likely.

That said, I don't care too much either way.

- WBR, Alexey Proskuryakov
Received on Thursday, 19 March 2009 18:18:33 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:30 GMT