Re: [beacon] CORS and Credentials questions.

On Wed, Jan 8, 2014 at 10:29 AM, Boris Zbarsky <> wrote:

> I'm not saying this is a great situation; no one thinks it is.  If you
> have a proposal that addresses the security concerns here, I'd love to hear
> it...

Thanks for the context Boris.. makes a lot more sense now. Sounds like we
might have to assume the cost of preflight for some beacons? =/

Also, this is somewhat tangential, but I still wonder about "POST only"
part: many existing analytics solutions rely on pixel GET's to log data..
in part because they have existing pipelines which rely on analyzing the
logs by mining the query string. I'm not sure if this will be a
deal-breaker, but I do think it'll be a stumbling block for adoption.


Received on Wednesday, 8 January 2014 18:45:34 UTC