W3C home > Mailing lists > Public > whatwg@whatwg.org > June 2011

[whatwg] Enhancement request: change EventSource to allow cross-domain access

From: Jonas Sicking <jonas@sicking.cc>
Date: Fri, 17 Jun 2011 18:46:59 -0700
Message-ID: <BANLkTim5OWbSsWw-qZd95QaYtHrMtz5tXg@mail.gmail.com>
On Fri, Jun 17, 2011 at 5:31 PM, ilya goberman <goberman at msn.com> wrote:
> I do not really understand what "specify the request to happen with
> credentials" really mean. Can someone explain or point to an example?
> My opinion is that it should be the same for the XHR and EventSource and
> should also be backward compatible. We currently generate
> Access-Control-Allow-Origin:* in the server responses for the XHR requests
> to allow cross-domain calls (and do not really do anything beyond that) and
> I hope it will not be broken with these new "credentials validation"
> changes.
> Thanks

I'd love to hear more about this as it's directly related to the
question Hixie asked.

I take it you are sending that header from some set of URLs on your
servers, which are then loaded using XHR (XDR in IE) from other sites?

And you are wanting to (or perhaps are already) structuring that data
such that it can be used with EventSource once browsers support it,
and support using it in cross-site scenarios?

Am I correct so far?

If so, what type of data are you returning from these URLs?

Given the header you are sending, it seems like this is not
personalized data, but rather generic data which looks the same no
matter which users browser is reading it. Or more specifically, you
are not personalizing the response from these requests based on the
users cookies, is this correct?

Thanks!

/ Jonas
Received on Friday, 17 June 2011 18:46:59 UTC

This archive was generated by hypermail 2.3.1 : Monday, 13 April 2015 23:09:06 UTC