W3C home > Mailing lists > Public > whatwg@whatwg.org > June 2011

[whatwg] Enhancement request: change EventSource to allow cross-domain access

From: Ian Hickson <ian@hixie.ch>
Date: Mon, 20 Jun 2011 19:59:06 +0000 (UTC)
Message-ID: <Pine.LNX.4.64.1106201944310.14203@ps20323.dreamhostps.com>
On Sun, 19 Jun 2011, Per-Erik Brodin wrote:
> On 2011-06-17 21:57, Ian Hickson wrote:
> > On Wed, 1 Jun 2011, ilya goberman wrote:
> > > 
> > > Can EventSource be enhanced to support cross-domain requests via
> > > "Access-Control-Allow-Origin" header, just like it is already done for
> > > XHR? See
> > > http://en.wikipedia.org/wiki/XMLHttpRequest#Cross-domain_requests.
> > 
> > Done.
> 
> Great news!
> The same-origin check in step 4 under "When the EventSource() constructor is
> invoked .." is still present.

Oops. Fixed.


> According to the CORS specification, a request is not to be terminated 
> even when the resource sharing check fails. However, when using CORS 
> with EventSource I think it may be justified since the response is 
> typically not returned right away.

Not sure what you mean here. Could you elaborate?


> The Cache-Control request header used with EventSource is not in the 
> list of simple request headers and a preflight request is not really an 
> option here in my opinion.

Not sure what you mean by "simple request headers". The Cache-Control 
header isn't a custom header, so it doesn't affect whether you use a 
preflight or not. I've clarified the spec.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Monday, 20 June 2011 12:59:06 UTC

This archive was generated by hypermail 2.3.1 : Monday, 13 April 2015 23:09:06 UTC