W3C home > Mailing lists > Public > whatwg@whatwg.org > November 2009

[whatwg] unexpected use of the CORS specification

From: Jonas Sicking <jonas@sicking.cc>
Date: Sun, 8 Nov 2009 14:36:15 -0800
Message-ID: <63df84f0911081436v3e7d6068nb1b30e2b68888d55@mail.gmail.com>
On Sun, Nov 8, 2009 at 2:08 PM, Silvia Pfeiffer
<silviapfeiffer1 at gmail.com> wrote:
> Yes, that's the point. Please read the blog post for details. Benno
> also discussed the issue of the number of requests made.
> BTW: I've taken the public-html list off this thread, since I think
> the discussion so far was only by WHATWG members and we want to avoid
> too much cross-posting.

But if you're asking the *browser* to do this, then the browser
doesn't need the server to opt in to CORS. The browser can provide
this functionality without needing cooperation from the server.
Possibly even greasemonkey scripts have enough authority to do this
without any server opt-in.

If however you are suggesting that *pages* do this, then yes, the
redirect server would need to opt in to CORS, and we would probably
need to add functionality to allow pages to get informed about the
redirect chain.

/ Jonas
Received on Sunday, 8 November 2009 14:36:15 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:18 UTC