W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2009

Re: [cors] Review

From: Mark Nottingham <mnot@mnot.net>
Date: Tue, 9 Jun 2009 15:17:27 +1000
Cc: public-webapps@w3.org
Message-Id: <BC8E421D-25C7-467A-BB39-9B8397F67DA5@mnot.net>
To: Tyler Close <tyler.close@gmail.com>

On 09/06/2009, at 4:26 AM, Tyler Close wrote:
> Using reasoning similar to your argument in "Chattiness", making POST
> a non-"simple" method will force web sites to tunnel everything over
> GET, as they commonly do today. So, I suspect your understandable
> desire to make CORS somewhat compatible with web-arch will have the
> opposite effect on deployed applications. We should be thankful that
> HTML saved cross-site GET and POST from the overhead of CORS. I am.
> With GET and POST to many URLs, it's possible to get most of the
> benefits of the Web. It'd be a shame to lose POST in the name of
> better web-arch and be left with only GET.

... or it can just be fixed it so that it isn't so chatty, and  
everyone wins.

Honestly, "we should be thankful"?

>> However, other contexts of use may not have this problem...
> Hopefully CORS will not be reused outside the web-browser. For
> example, server-side code should not be subject to any of the
> restrictions enforced by CORS. Hopefully, other contexts will model
> themselves on the server-side, where there's no user ambient authority
> associated with network requests.

My understanding was that CORS is explicitly designed for other uses  
as well.

Mark Nottingham     http://www.mnot.net/
Received on Tuesday, 9 June 2009 05:18:03 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:12:54 UTC