W3C home > Mailing lists > Public > whatwg@whatwg.org > November 2009

[whatwg] unexpected use of the CORS specification

From: Silvia Pfeiffer <silviapfeiffer1@gmail.com>
Date: Sun, 8 Nov 2009 14:08:31 -0800
Message-ID: <2c0e02830911081408g1ff1da26x31f24db906597656@mail.gmail.com>
Yes, that's the point. Please read the blog post for details. Benno
also discussed the issue of the number of requests made.

BTW: I've taken the public-html list off this thread, since I think
the discussion so far was only by WHATWG members and we want to avoid
too much cross-posting.

Thanks,
Silvia.

On Sun, Nov 8, 2009 at 1:16 PM, Mike Ressler <mressler at gmail.com> wrote:
> I think that Silvia was implying that a URL shortening service could respond
> with Access-Control-Allow-Origin:* or some such header to signal to the
> browser that this domain serves resources in a cross-origin fashion.? This
> would allow the browser to eagerly fetch the resulting URLs to aid in user
> interface hints without having to eagerly fetch URLs that aren't
> "shortened".
>
> Mike
>
> On Sun, Nov 8, 2009 at 10:25 AM, Adam Barth <whatwg at adambarth.com> wrote:
>>
>> I don't see the connection with CORS. ?The browser is free to request
>> whatever URLs it wants. ?The results need not be accessible to
>> content. ?Maybe I'm misunderstanding.
>>
>> Adam
>>
>>
>> On Sat, Nov 7, 2009 at 11:35 PM, Silvia Pfeiffer
>> <silviapfeiffer1 at gmail.com> wrote:
>> > Hi,
>> >
>> > a friend of mine just wrote an interesting blog post about
>> > "unshortening twitter URLs", see
>> > http://benno.id.au/blog/2009/11/08/urlunshortener .
>> >
>> > In it he proposes that url shorteners should be treated specially in
>> > browsers such that when you mouse over a shortened url, the browse
>> > knows to interpret them (i.e. follow the redirection) and shows you
>> > the long URL as a hint. I would support such an approach, since I have
>> > been annoyed more than once that shortened URLs don't tell me anything
>> > about the target. As part of this would be a requirement for URL
>> > shorteners to support CORS http://www.w3.org/TR/cors/, which browsers
>> > can then use to follow the redirection.
>> >
>> > Further, Benno suggests extending http://www.w3.org/TR/XMLHttpRequest/
>> > with a property to disable following redirects automatically so as to
>> > be able to expose the redirection.
>> >
>> > I am not aware if somebody else has suggested these use cases for CORS
>> > and XMLHttpRequest before (this may not even be the right fora for
>> > it), but since these are so closely linked to what we do in HTML5, I
>> > thought it would be good to point it out. I would think that at
>> > minimum Anne knows what to do with it, since he is editor on both.
>> >
>> > Regards,
>> > Silvia.
>> >
>
>
Received on Sunday, 8 November 2009 14:08:31 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:18 UTC