[Bug 19236] Enable CORS on entire site from bugzilla@jessica.w3.org on 2012-10-03 (public-webplatform-bugs@w3.org from October to December 2012)

From: <bugzilla@jessica.w3.org>
Date: Wed, 03 Oct 2012 21:50:10 +0000
To: public-webplatform-bugs@w3.org
Message-Id: <E1TJWpW-0005N8-Tm@jessica.w3.org>

https://www.w3.org/Bugs/Public/show_bug.cgi?id=19236

--- Comment #4 from Eric Bidelman <ericbidelman@chromium.org> 2012-10-03 21:50:10 UTC ---
More info here:
http://monsur.hossa.in/2012/09/07/thoughts-on-the-cors-preflight-cache.html

Monsur has done experiments with CORS. He says:

"serving the header should not be costly at all
i mean, you are adding, what, 30 bytes per request"

The worry is that you open up an "API" for folks to use. However, there's
also nothing top stop folks from iframing in our pages and creating extra
load on the server.

If the server load is worry, has there been any thought in allowing folks
to request as page as JSON?...and only enable the CORs headers for those
types of requests?

-- 
Configure bugmail: https://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.

Received on Wednesday, 3 October 2012 21:50:12 UTC