- From: Alexey Proskuryakov <ap@webkit.org>
- Date: Thu, 19 Mar 2009 21:17:57 +0300
- To: Jonas Sicking <jonas@sicking.cc>
- Cc: Ian Hickson <ian@hixie.ch>, public-webapps <public-webapps@w3.org>
19.03.2009, Χ 21:00, Jonas Sicking ΞΑΠΙΣΑΜ(Α): > While I agree that there are other ways of doing this, I think I'd > have a really hard time selling a feature that explicitly allows port > scanning to our security team. Especially when there is an easy > remedy. The price comes mainly in the form of developer time - first, they will be inconvenienced by arbitrary restrictions on when they can install event listeners, and then (but more significantly), they'll have to implement OPTIONS server-side, even if they didn't need it otherwise. There is also some price in performance due to making a preflight request, although I guess it's negligible in cases when upload progress events will be used. Finally, there can potentially be a compatibility problem if some proxy is not configured to pass OPTIONS requests, but I do not have any data on whether that's likely. That said, I don't care too much either way. - WBR, Alexey Proskuryakov
Received on Thursday, 19 March 2009 18:18:33 UTC