W3C home > Mailing lists > Public > whatwg@whatwg.org > November 2009

[whatwg] unexpected use of the CORS specification

From: Mike Ressler <mressler@gmail.com>
Date: Sun, 8 Nov 2009 16:16:17 -0500
Message-ID: <1fec3f0a0911081316p1d240735k29c3d87b9779b7d4@mail.gmail.com>
I think that Silvia was implying that a URL shortening service could respond
with Access-Control-Allow-Origin:*<http://www.w3.org/TR/cors/#access-control-allow-origin-response-hea>or
some such header to signal to the browser that this domain serves
resources in a cross-origin fashion.  This would allow the browser to
eagerly fetch the resulting URLs to aid in user interface hints without
having to eagerly fetch URLs that aren't "shortened".

Mike

On Sun, Nov 8, 2009 at 10:25 AM, Adam Barth <whatwg at adambarth.com> wrote:

> I don't see the connection with CORS.  The browser is free to request
> whatever URLs it wants.  The results need not be accessible to
> content.  Maybe I'm misunderstanding.
>
> Adam
>
>
> On Sat, Nov 7, 2009 at 11:35 PM, Silvia Pfeiffer
> <silviapfeiffer1 at gmail.com> wrote:
> > Hi,
> >
> > a friend of mine just wrote an interesting blog post about
> > "unshortening twitter URLs", see
> > http://benno.id.au/blog/2009/11/08/urlunshortener .
> >
> > In it he proposes that url shorteners should be treated specially in
> > browsers such that when you mouse over a shortened url, the browse
> > knows to interpret them (i.e. follow the redirection) and shows you
> > the long URL as a hint. I would support such an approach, since I have
> > been annoyed more than once that shortened URLs don't tell me anything
> > about the target. As part of this would be a requirement for URL
> > shorteners to support CORS http://www.w3.org/TR/cors/, which browsers
> > can then use to follow the redirection.
> >
> > Further, Benno suggests extending http://www.w3.org/TR/XMLHttpRequest/
> > with a property to disable following redirects automatically so as to
> > be able to expose the redirection.
> >
> > I am not aware if somebody else has suggested these use cases for CORS
> > and XMLHttpRequest before (this may not even be the right fora for
> > it), but since these are so closely linked to what we do in HTML5, I
> > thought it would be good to point it out. I would think that at
> > minimum Anne knows what to do with it, since he is editor on both.
> >
> > Regards,
> > Silvia.
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20091108/628b0fc9/attachment.htm>
Received on Sunday, 8 November 2009 13:16:17 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:18 UTC