W3C home > Mailing lists > Public > public-webapps@w3.org > October to December 2010

Re: [cors] 27 July 2010 CORS feedback

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Mon, 22 Nov 2010 08:43:39 -0500
Message-ID: <4CEA738B.3000306@mit.edu>
To: Jonas Sicking <jonas@sicking.cc>
CC: Mark Nottingham <mnot@mnot.net>, public-webapps@w3.org
On 11/22/10 3:31 AM, Jonas Sicking wrote:
> other person: Hmm.. we might want to disable cross-site posting for
> forms some day, so is it such a good idea that cors enables it?
> me: If we do disable it for forms we'll just disable it for cors too.
> So much content will break for forms that the cors breakage won't be
> what we're concerned about.
> other person: Yeah, true.

One _could_ make the argument (which I don't find terribly convincing, 
btw), that if we require CORS for cross-origin POST in XHR for now then 
people who want their POST pages accessible via XHR will add the right 
CORS headers over time, and as more and more stuff is done over a mix of 
XHR and normal requests most pages that really need to be accessed 
cross-site will have CORS headers.  Then requiring preflights for normal 
forms won't break as much content.

As I said, I'm not convinced that that middle steps of everyone wanting 
their stuff to be accessible over XHR will necessarily happen...

-Boris
Received on Monday, 22 November 2010 13:44:31 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:42 GMT