Re: [XHR2] Upload progress events and simple cross-origin requests

19.03.2009, Χ 21:00, Jonas Sicking ΞΑΠΙΣΑΜ(Α):

> While I agree that there are other ways of doing this, I think I'd
> have a really hard time selling a feature that explicitly allows port
> scanning to our security team. Especially when there is an easy
> remedy.

The price comes mainly in the form of developer time - first, they  
will be inconvenienced by arbitrary restrictions on when they can  
install event listeners, and then (but more significantly), they'll  
have to implement OPTIONS server-side, even if they didn't need it  
otherwise. There is also some price in performance due to making a  
preflight request, although I guess it's negligible in cases when  
upload progress events will be used. Finally, there can potentially be  
a compatibility problem if some proxy is not configured to pass  
OPTIONS requests, but I do not have any data on whether that's likely.

That said, I don't care too much either way.

- WBR, Alexey Proskuryakov

Received on Thursday, 19 March 2009 18:18:33 UTC