[Bug 19236] Enable CORS on entire site

https://www.w3.org/Bugs/Public/show_bug.cgi?id=19236

--- Comment #4 from Eric Bidelman <ericbidelman@chromium.org> 2012-10-03 21:50:10 UTC ---
More info here:
http://monsur.hossa.in/2012/09/07/thoughts-on-the-cors-preflight-cache.html

Monsur has done experiments with CORS. He says:

"serving the header should not be costly at all
i mean, you are adding, what, 30 bytes per request"

The worry is that you open up an "API" for folks to use. However, there's
also nothing top stop folks from iframing in our pages and creating extra
load on the server.

If the server load is worry, has there been any thought in allowing folks
to request as page as JSON?...and only enable the CORs headers for those
types of requests?

-- 
Configure bugmail: https://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.

Received on Wednesday, 3 October 2012 21:50:12 UTC