[whatwg] Enhancement request: change EventSource to allow cross-domain access

On Mon, Jun 20, 2011 at 3:22 AM, Anne van Kesteren <annevk at opera.com> wrote:
> On Sun, 19 Jun 2011 00:25:57 +0200, Per-Erik Brodin
> <per-erik.brodin at ericsson.com> wrote:
>>
>> The Cache-Control request header used with EventSource is not in the list
>> of simple request headers and a preflight request is not really an option
>> here in my opinion.
>
> Agreed. I can add that to CORS. I already added Last-Event-ID for that
> reason, but somehow missed Cache-Control.

Wait, we don't have to add any headers to the CORS spec just because
implementations of various specs needs to send those without doing
preflight. The list of "simple headers" only affects which headers the
*page* can immediately set without a preflight being required, for
example through features like XMLHttpRequest.setRequestHeader.

Headers that the implementation adds doesn't need to be added to this
list. For example the "Host" header is set by the browser in almost
all situations, but it does not need to be added to the list of
"simple headers". Indeed, adding in there would an out right bad idea.

So I'm not convinced that the Last-Event-ID header needs to be in the list.

/ Jonas

Received on Monday, 20 June 2011 03:53:02 UTC