- From: Anne van Kesteren <annevk@opera.com>
- Date: Fri, 04 Jan 2008 22:59:34 +0100
- To: "Bertrand Le Roy" <Bertrand.Le.Roy@microsoft.com>, "public-appformats@w3.org" <public-appformats@w3.org>
On Fri, 04 Jan 2008 21:12:20 +0100, Bertrand Le Roy <Bertrand.Le.Roy@microsoft.com> wrote: >> Given that servers opt-in to all of this and sites are >> unlikely to just make random cross-site requests it is unlikely you get >> a very large response. > > That's not true. Opting in doesn't change anything. The size of the > resource is not made smaller because the author opts in. Are you saying > that cross-domain requests should not be made on large resources? What we're discussing here is the response to an authorization request. That response basically only needs to say that the server agrees with the non-GET request. It's likely that authors don't put a whole lot of content in that response as it would not make sense. And even if they did the user agent could in theory close the connection after it received the <root> element start tag in case of an XML response. (In case of other responses the entity body is not significant.) What I think is unlikely that authors will make requests to arbitrary domains of which they do not know whether the other site agrees with the request in production sites. Therefore I think it's not likely you will encounter this as a problem. -- Anne van Kesteren <http://annevankesteren.nl/> <http://www.opera.com/>
Received on Friday, 4 January 2008 21:57:03 UTC