- From: Per-Erik Brodin <per-erik.brodin@ericsson.com>
- Date: Sun, 19 Jun 2011 00:25:57 +0200
On 2011-06-17 21:57, Ian Hickson wrote: > On Wed, 1 Jun 2011, ilya goberman wrote: >> >> Can EventSource be enhanced to support cross-domain requests via >> "Access-Control-Allow-Origin" header, just like it is already done for >> XHR? See >> http://en.wikipedia.org/wiki/XMLHttpRequest#Cross-domain_requests. > > Done. Great news! The same-origin check in step 4 under "When the EventSource() constructor is invoked .." is still present. According to the CORS specification, a request is not to be terminated even when the resource sharing check fails. However, when using CORS with EventSource I think it may be justified since the response is typically not returned right away. The Cache-Control request header used with EventSource is not in the list of simple request headers and a preflight request is not really an option here in my opinion. //Per-Erik
Received on Saturday, 18 June 2011 15:25:57 UTC