W3C home > Mailing lists > Public > public-webapps@w3.org > July to September 2010

Re: [CORS] What constitutes a "network error"?

From: Anne van Kesteren <annevk@opera.com>
Date: Sun, 25 Jul 2010 23:33:30 +0200
To: "Alexey Proskuryakov" <ap@webkit.org>, "Jonas Sicking" <jonas@sicking.cc>
Cc: "Webapps WG" <public-webapps@w3.org>
Message-ID: <op.vge4tkpj64w2qv@annevk-t60>
On Wed, 21 Jul 2010 23:54:43 +0200, Jonas Sicking <jonas@sicking.cc> wrote:
> On Wed, Jul 21, 2010 at 1:14 PM, Alexey Proskuryakov <ap@webkit.org>  
> wrote:
>> 20.07.2010, в 14:37, Jonas Sicking написал(а):
>>
>>> However I haven't been able to find a clear definition of what counts
>>> as a "network error". Does this include successful HTTP requests that
>>> return 4xx or 5xx status codes? Or just errors in the lower level of
>>> the stack, such as aborted TCP connections?
>>
>>
>> FWIW, I've been always assuming the latter. Blocking 4xx and 5xx  
>> responses would mean having a rather unexpected difference between same  
>> origin and cross origin XMLHttpRequest (the former lets JS code see  
>> such responses).
>
> I'm fairly certain that when we discussed this at the F2F in Redmond,
> we talked about 4xxs aways resulting in failed requests. And that this
> solved some security issues.
>
> However I could be misremembering, or we could have changed our minds  
> later.
>
> Definitely would like to hear others speak up.

I don't remember that to be honest. CORS was always meant as some kind of  
layer on top, not interfering with normal HTTP response codes. I do agree  
I should clarify that though.


-- 
Anne van Kesteren
http://annevankesteren.nl/
Received on Sunday, 25 July 2010 21:34:27 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:40 GMT