- From: Jonas Sicking <jonas@sicking.cc>
- Date: Thu, 19 Feb 2015 11:52:37 -0800
- To: Anne van Kesteren <annevk@annevk.nl>
- Cc: Dale Harvey <dale@arandomurl.com>, Brian Smith <brian@briansmith.org>, WebAppSec WG <public-webappsec@w3.org>, WebApps WG <public-webapps@w3.org>, Monsur Hossain <monsur@gmail.com>
On Thu, Feb 19, 2015 at 3:30 AM, Anne van Kesteren <annevk@annevk.nl> wrote: > On Thu, Feb 19, 2015 at 12:17 PM, Dale Harvey <dale@arandomurl.com> wrote: >> With Couch / PouchDB we are working with an existing REST API wherein every >> request is to a different url (which is unlikely to change), the performance >> impact is significant since most of the time is used up by latency, the CORS >> preflight request essentially double the time it takes to do anything > > Yeah, also, it should not be up to us how people design their HTTP > APIs. Limiting HTTP in that way because it is hard to make CORS scale > seems bad. > > > I think we've been too conservative when introducing CORS. It's > effectively protecting content behind a firewall, ...and content that uses user credentials like cookies. / Jonas
Received on Thursday, 19 February 2015 19:53:34 UTC