- From: Anne van Kesteren <annevk@opera.com>
- Date: Sun, 25 Jul 2010 23:33:30 +0200
- To: "Alexey Proskuryakov" <ap@webkit.org>, "Jonas Sicking" <jonas@sicking.cc>
- Cc: "Webapps WG" <public-webapps@w3.org>
On Wed, 21 Jul 2010 23:54:43 +0200, Jonas Sicking <jonas@sicking.cc> wrote: > On Wed, Jul 21, 2010 at 1:14 PM, Alexey Proskuryakov <ap@webkit.org> > wrote: >> 20.07.2010, в 14:37, Jonas Sicking написал(а): >> >>> However I haven't been able to find a clear definition of what counts >>> as a "network error". Does this include successful HTTP requests that >>> return 4xx or 5xx status codes? Or just errors in the lower level of >>> the stack, such as aborted TCP connections? >> >> >> FWIW, I've been always assuming the latter. Blocking 4xx and 5xx >> responses would mean having a rather unexpected difference between same >> origin and cross origin XMLHttpRequest (the former lets JS code see >> such responses). > > I'm fairly certain that when we discussed this at the F2F in Redmond, > we talked about 4xxs aways resulting in failed requests. And that this > solved some security issues. > > However I could be misremembering, or we could have changed our minds > later. > > Definitely would like to hear others speak up. I don't remember that to be honest. CORS was always meant as some kind of layer on top, not interfering with normal HTTP response codes. I do agree I should clarify that though. -- Anne van Kesteren http://annevankesteren.nl/
Received on Sunday, 25 July 2010 21:34:27 UTC