- From: Jonas Sicking <jonas@sicking.cc>
- Date: Mon, 20 Jun 2011 03:53:02 -0700
On Mon, Jun 20, 2011 at 3:22 AM, Anne van Kesteren <annevk at opera.com> wrote: > On Sun, 19 Jun 2011 00:25:57 +0200, Per-Erik Brodin > <per-erik.brodin at ericsson.com> wrote: >> >> The Cache-Control request header used with EventSource is not in the list >> of simple request headers and a preflight request is not really an option >> here in my opinion. > > Agreed. I can add that to CORS. I already added Last-Event-ID for that > reason, but somehow missed Cache-Control. Wait, we don't have to add any headers to the CORS spec just because implementations of various specs needs to send those without doing preflight. The list of "simple headers" only affects which headers the *page* can immediately set without a preflight being required, for example through features like XMLHttpRequest.setRequestHeader. Headers that the implementation adds doesn't need to be added to this list. For example the "Host" header is set by the browser in almost all situations, but it does not need to be added to the list of "simple headers". Indeed, adding in there would an out right bad idea. So I'm not convinced that the Last-Event-ID header needs to be in the list. / Jonas
Received on Monday, 20 June 2011 03:53:02 UTC