- From: Mark Nottingham <mnot@mnot.net>
- Date: Tue, 9 Jun 2009 15:17:27 +1000
- To: Tyler Close <tyler.close@gmail.com>
- Cc: public-webapps@w3.org
On 09/06/2009, at 4:26 AM, Tyler Close wrote: > > Using reasoning similar to your argument in "Chattiness", making POST > a non-"simple" method will force web sites to tunnel everything over > GET, as they commonly do today. So, I suspect your understandable > desire to make CORS somewhat compatible with web-arch will have the > opposite effect on deployed applications. We should be thankful that > HTML saved cross-site GET and POST from the overhead of CORS. I am. > With GET and POST to many URLs, it's possible to get most of the > benefits of the Web. It'd be a shame to lose POST in the name of > better web-arch and be left with only GET. ... or it can just be fixed it so that it isn't so chatty, and everyone wins. Honestly, "we should be thankful"? >> However, other contexts of use may not have this problem... > > Hopefully CORS will not be reused outside the web-browser. For > example, server-side code should not be subject to any of the > restrictions enforced by CORS. Hopefully, other contexts will model > themselves on the server-side, where there's no user ambient authority > associated with network requests. My understanding was that CORS is explicitly designed for other uses as well. -- Mark Nottingham http://www.mnot.net/
Received on Tuesday, 9 June 2009 05:18:03 UTC