W3C home > Mailing lists > Public > whatwg@whatwg.org > June 2011

[whatwg] Enhancement request: change EventSource to allow cross-domain access

From: Anne van Kesteren <annevk@opera.com>
Date: Sat, 18 Jun 2011 10:01:07 +0200
Message-ID: <op.vw9hv50m64w2qv@anne-van-kesterens-macbook-pro.local>
On Sat, 18 Jun 2011 00:31:42 +0200, Ian Hickson <ian at hixie.ch> wrote:
> The reason we _didn't_ send credentials by default for <img> was that  
> most cross-origin images are going to be static, and it would be a huge  
> pain
> for the server to have to do per-connection work to determine the HTTP
> headers each time. With EventSource, that's a non-issue, since the server
> is going to have to do lots of much heavier per-connection work anyway.

I think we should change CORS to allow * for credentialed requests. People  
have already asked for that. That would also allow dropping the  
crossorigin="" attribute which complicates the request model for the  
elements it is applicable to a lot. (Too much, in my opinion.)

(I designed CORS in such a way it could be used for <img> and such without  
the need to introduce new syntax.)

Anne van Kesteren
Received on Saturday, 18 June 2011 01:01:07 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:34 UTC