[whatwg] Enhancement request: change EventSource to allow cross-domain access

Jonas Sicking jonas at sicking.cc
Fri Jun 17 18:46:59 PDT 2011


On Fri, Jun 17, 2011 at 5:31 PM, ilya goberman <goberman at msn.com> wrote:
> I do not really understand what "specify the request to happen with
> credentials" really mean. Can someone explain or point to an example?
> My opinion is that it should be the same for the XHR and EventSource and
> should also be backward compatible. We currently generate
> Access-Control-Allow-Origin:* in the server responses for the XHR requests
> to allow cross-domain calls (and do not really do anything beyond that) and
> I hope it will not be broken with these new "credentials validation"
> changes.
> Thanks

I'd love to hear more about this as it's directly related to the
question Hixie asked.

I take it you are sending that header from some set of URLs on your
servers, which are then loaded using XHR (XDR in IE) from other sites?

And you are wanting to (or perhaps are already) structuring that data
such that it can be used with EventSource once browsers support it,
and support using it in cross-site scenarios?

Am I correct so far?

If so, what type of data are you returning from these URLs?

Given the header you are sending, it seems like this is not
personalized data, but rather generic data which looks the same no
matter which users browser is reading it. Or more specifically, you
are not personalizing the response from these requests based on the
users cookies, is this correct?

Thanks!

/ Jonas


More information about the whatwg mailing list