W3C home > Mailing lists > Public > whatwg@whatwg.org > June 2011

[whatwg] Enhancement request: change EventSource to allow cross-domain access

From: Anne van Kesteren <annevk@opera.com>
Date: Mon, 20 Jun 2011 12:57:47 +0200
Message-ID: <op.vxdfelzk64w2qv@anne-van-kesterens-macbook-pro.local>
On Mon, 20 Jun 2011 12:53:02 +0200, Jonas Sicking <jonas at sicking.cc> wrote:
> On Mon, Jun 20, 2011 at 3:22 AM, Anne van Kesteren <annevk at opera.com>  
> wrote:
>> Agreed. I can add that to CORS. I already added Last-Event-ID for that
>> reason, but somehow missed Cache-Control.
>
> Wait, we don't have to add any headers to the CORS spec just because
> implementations of various specs needs to send those without doing
> preflight. The list of "simple headers" only affects which headers the
> *page* can immediately set without a preflight being required, for
> example through features like XMLHttpRequest.setRequestHeader.
>
> Headers that the implementation adds doesn't need to be added to this
> list. For example the "Host" header is set by the browser in almost
> all situations, but it does not need to be added to the list of
> "simple headers". Indeed, adding in there would an out right bad idea.
>
> So I'm not convinced that the Last-Event-ID header needs to be in the  
> list.

We could add Host as authors cannot set that anyway. But what you say  
makes sense. I will remove Last-Event-ID and add a note about how that  
list works.


-- 
Anne van Kesteren
http://annevankesteren.nl/
Received on Monday, 20 June 2011 03:57:47 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:34 UTC