Re: [CORS] What constitutes a "network error"?

On Wed, 21 Jul 2010 23:54:43 +0200, Jonas Sicking <jonas@sicking.cc> wrote:
> On Wed, Jul 21, 2010 at 1:14 PM, Alexey Proskuryakov <ap@webkit.org>  
> wrote:
>> 20.07.2010, в 14:37, Jonas Sicking написал(а):
>>
>>> However I haven't been able to find a clear definition of what counts
>>> as a "network error". Does this include successful HTTP requests that
>>> return 4xx or 5xx status codes? Or just errors in the lower level of
>>> the stack, such as aborted TCP connections?
>>
>>
>> FWIW, I've been always assuming the latter. Blocking 4xx and 5xx  
>> responses would mean having a rather unexpected difference between same  
>> origin and cross origin XMLHttpRequest (the former lets JS code see  
>> such responses).
>
> I'm fairly certain that when we discussed this at the F2F in Redmond,
> we talked about 4xxs aways resulting in failed requests. And that this
> solved some security issues.
>
> However I could be misremembering, or we could have changed our minds  
> later.
>
> Definitely would like to hear others speak up.

I don't remember that to be honest. CORS was always meant as some kind of  
layer on top, not interfering with normal HTTP response codes. I do agree  
I should clarify that though.


-- 
Anne van Kesteren
http://annevankesteren.nl/

Received on Sunday, 25 July 2010 21:34:27 UTC