[whatwg] unexpected use of the CORS specification

On Sun, Nov 8, 2009 at 2:08 PM, Silvia Pfeiffer
<silviapfeiffer1 at gmail.com> wrote:
> Yes, that's the point. Please read the blog post for details. Benno
> also discussed the issue of the number of requests made.
>
> BTW: I've taken the public-html list off this thread, since I think
> the discussion so far was only by WHATWG members and we want to avoid
> too much cross-posting.

But if you're asking the *browser* to do this, then the browser
doesn't need the server to opt in to CORS. The browser can provide
this functionality without needing cooperation from the server.
Possibly even greasemonkey scripts have enough authority to do this
without any server opt-in.

If however you are suggesting that *pages* do this, then yes, the
redirect server would need to opt in to CORS, and we would probably
need to add functionality to allow pages to get informed about the
redirect chain.

/ Jonas

Received on Sunday, 8 November 2009 14:36:15 UTC