- From: Jonas Sicking <jonas@sicking.cc>
- Date: Fri, 28 Jan 2011 20:52:58 -0800
On Fri, Jan 28, 2011 at 2:13 PM, Michael Nordman <michaeln at google.com> wrote: > On Thu, Jan 27, 2011 at 8:30 PM, Jonas Sicking <jonas at sicking.cc> wrote: >> On Thu, Jan 27, 2011 at 5:16 PM, Michael Nordman <michaeln at google.com> wrote: >>> A CORS based answer to this would work for the folks that have >>> expressed an interest in this capability to me. >>> >>> cc'ing some other appcache implementors too... any thoughts? >> >> CORS has the semantics of "you're allowed to make these types of >> requests to this resource, and you're allowed to read the response >> from such requests". This is very different from what is being >> requested here as I understand it? >> >> So either we'd need to add more headers to CORS, or come up with some >> other header-based solution I think. >> >> / Jonas > > Seems like CORS describes a protocol more than prescribes semantics? > Is it really necessary to build up another protocol. From the > abstract, > "Specifications that enable an API to make cross-origin requests to > resources can use the algorithms defined by this specification." As long as you don't confuse webauthors. I.e. if an author sends: access-control-allow-origin: * that *only* means that any site can read that response. I.e. that it doesn't come with any unrelated side effects such as cache pinning or the like. / Jonas
Received on Friday, 28 January 2011 20:52:58 UTC