[whatwg] AppCache + CORS issue.

Michael Nordman michaeln at google.com
Fri Jul 1 13:38:46 PDT 2011


Cross-origin resources listed in the CACHE section aren't retrieved with the
'Origin' header and the responses may not contain the
'Access-Control-Allow-Origin'
header. This makes it impossible to utilized CORS for appcache resources.

http://code.google.com/p/chromium/issues/detail?id=86324

We may need a way to express in the manifest file that the x-origin
resource is to be retrieved and cached with the CORS related headers.
Maybe a new manifest file section a lot like the CACHE section but a
little different... something like...

CACHE-CORS:http://cross-origin/resource

When fetching, the 'Origin' header would be included and the responses
'Access-Control-Allow-Origin' header would be cached. When accessed by
pages associated with the appcache, the access-control-allow-origin
header would be provided.


More information about the whatwg mailing list