- From: Ian Hickson <ian@hixie.ch>
- Date: Mon, 20 Jun 2011 19:59:06 +0000 (UTC)
On Sun, 19 Jun 2011, Per-Erik Brodin wrote: > On 2011-06-17 21:57, Ian Hickson wrote: > > On Wed, 1 Jun 2011, ilya goberman wrote: > > > > > > Can EventSource be enhanced to support cross-domain requests via > > > "Access-Control-Allow-Origin" header, just like it is already done for > > > XHR? See > > > http://en.wikipedia.org/wiki/XMLHttpRequest#Cross-domain_requests. > > > > Done. > > Great news! > The same-origin check in step 4 under "When the EventSource() constructor is > invoked .." is still present. Oops. Fixed. > According to the CORS specification, a request is not to be terminated > even when the resource sharing check fails. However, when using CORS > with EventSource I think it may be justified since the response is > typically not returned right away. Not sure what you mean here. Could you elaborate? > The Cache-Control request header used with EventSource is not in the > list of simple request headers and a preflight request is not really an > option here in my opinion. Not sure what you mean by "simple request headers". The Cache-Control header isn't a custom header, so it doesn't affect whether you use a preflight or not. I've clarified the spec. -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Monday, 20 June 2011 12:59:06 UTC