[whatwg] Enhancement request: change EventSource to allow cross-domain access
Per-Erik Brodin
per-erik.brodin at ericsson.com
Sat Jun 18 15:25:57 PDT 2011
On 2011-06-17 21:57, Ian Hickson wrote:
> On Wed, 1 Jun 2011, ilya goberman wrote:
>>
>> Can EventSource be enhanced to support cross-domain requests via
>> "Access-Control-Allow-Origin" header, just like it is already done for
>> XHR? See
>> http://en.wikipedia.org/wiki/XMLHttpRequest#Cross-domain_requests.
>
> Done.
Great news!
The same-origin check in step 4 under "When the EventSource()
constructor is invoked .." is still present.
According to the CORS specification, a request is not to be terminated
even when the resource sharing check fails. However, when using CORS
with EventSource I think it may be justified since the response is
typically not returned right away.
The Cache-Control request header used with EventSource is not in the
list of simple request headers and a preflight request is not really an
option here in my opinion.
//Per-Erik
More information about the whatwg
mailing list