- From: <bugzilla@jessica.w3.org>
- Date: Mon, 11 Nov 2013 21:14:21 +0000
- To: public-webapps-bugzilla@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=20322 --- Comment #5 from Hallvord R. M. Steen <hsteen@mozilla.com> --- Thanks for explaining this a bit more.. So yeah, why do we need a preflight if XHR sends some data and has registered upload event listeners? Well, I presume there's a concern about cross-origin information leakage if some upload event listeners fire. Stuff like intranet port/host sniffing might be possible? So we should add something like: <p class="note">Firing upload events for cross-origin requests requires a preflight because otherwise, information about the existence of sites and services might leak across origins.</p> ..although it also seems feasible to just kill the "upload events flag" and do it this way: https://github.com/whatwg/xhr/pull/15 -- You are receiving this mail because: You are the QA Contact for the bug.
Received on Monday, 11 November 2013 21:14:23 UTC