[html5] r3893 - [] (0) EventSource: remove CORS for now; add intro; other cleanup.

whatwg at whatwg.org whatwg at whatwg.org
Fri Sep 18 01:15:46 PDT 2009

Author: ianh
Date: 2009-09-18 01:15:46 -0700 (Fri, 18 Sep 2009)
New Revision: 3893

[] (0) EventSource: remove CORS for now; add intro; other cleanup.

Modified: source
--- source	2009-09-18 07:57:47 UTC (rev 3892)
+++ source	2009-09-18 08:15:46 UTC (rev 3893)
@@ -71811,11 +71811,30 @@
   dedicated server-push protocols, this specification introduces the
   <code>EventSource</code> interface.</p>
-  <p class="XXX">An introduction to the client-side and
-  server-side of using the direct connection APIs.</p>
+  <p>Using this API consists of creating an <code>EventSource</code>
+  object and registering an event listener.</p>
+  <pre>var source = new EventSource('updates.cgi');
+source.onmessage = function (event) {
+  alert(event.data);
+  <p>On the server-side, the script ("<code
+  title="">updates.cgi</code>" in this case) sends messages in the
+  following form, with the <code>text/event-stream</code> MIME
+  type:</p>
+  <pre>data: This is the first message.
+data: This is the second message, it
+data: has two lines.
+data: This is the third message.</pre>
   <!--BOILERPLATE middle-w3c-api-intro-->
   <h4>The <code>EventSource</code> interface</h4>
   <pre class="idl">[<span title="dom-EventSource">Constructor</span>(in DOMString url)]
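Review bot: The example block opened at `<pre>var source = new EventSource('updates.cgi');` is never closed in the lines shown here. The handler has no closing `};` and there is no `</pre>` before `<p>On the server-side`, so that paragraph would render inside the code sample. The server-side sample also shows its three messages with no blank line between them, and text/event-stream ends each message with a blank line, so as shown all four `data:` lines would be read as one message. The hunk header counts 30 new-side lines and fewer are visible, so these lines may have been lost in the archive rendering; please confirm that the source has `};</pre>` and the blank separators.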
@@ -71867,7 +71886,8 @@
     title="fetch">fetching</span> algorithm is such that if the
     browser is already fetching the resource identified by the given
     <span>absolute URL</span>, that connection can be reused, instead
-    of a new connection being established.</p>
+    of a new connection being established. All messages received up to
+    this point are dispatched immediately, in this case.</p>
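Review bot: In the added sentence "All messages received up to this point are dispatched immediately, in this case", "this point" and the recipient are both ambiguous. It does not say whether the messages already received on the reused connection are dispatched to the newly created EventSource object, or in what order relative to messages that arrive afterwards. Suggest naming the object the events are dispatched on and tying "this point" to the moment the constructor attaches to the existing connection.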
@@ -71979,10 +71999,15 @@
   sources. User agents should ignore HTTP cache headers in the
   response, never caching event sources.</p>
-  <p class="XXX">Cross-origin loads are expected to follow the
-  Access-Control semantics of CORS; without this header, they are
-  expected to fail as if the site was down.</p>
+  <p>User agents must act as if the connection had failed due to a
+  network error if the <span>origin</span> of the <span>URL</span> of
+  the resource to be <span title="fetch">fetched</span> is not the
+  <span>same origin</span> as that of the <span>first script</span>
+  when the <span title="dom-EventSource">EventSource()</code>
+  constructor is invoked.</p>
+  <!-- v2: add CORS support -->
   <p>As data is received, the <span title="concept-task">tasks</span>
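Review bot: In the new paragraph, `<span title="dom-EventSource">EventSource()</code>` opens a span and closes a code element, which leaves the markup unbalanced; it should probably be `<code title="dom-EventSource">EventSource()</code>`. Separately, the same-origin requirement is stated only for the URL checked when the constructor is invoked. The visible text does not say whether a later redirect to another origin is treated as the same network-error failure, and that is worth stating now that the CORS path is deferred to v2.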
@@ -72489,9 +72514,9 @@
     <p>An event stream from an origin distinct from the origin of the
     content consuming the event stream can result in information
-    leakage. To avoid this, user agents are required to apply CORS
-    semantics or block all cross-origin loads. <a
-    href="#refsCORS">[CORS]</a></p>
+    leakage. To avoid this, user agents are required to <!--v2: apply
+    CORS semantics or--> block all cross-origin loads. <!--v2: <a
+    href="#refsCORS">[CORS]</a>--></p>
     <p>Event streams can overwhelm a user agent; a user agent is
     expected to apply suitable restrictions to avoid depleting local
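Review bot: With the v2 parts commented out, the security paragraph says user agents are "required to ... block all cross-origin loads", while the normative text added earlier in this patch requires them to act as if the connection had failed due to a network error. Suggest using the same wording here, or cross-referencing that requirement, so it is clear the block must be indistinguishable from a network failure and is not a separate behaviour. Also check that commenting out the `[CORS]` link does not leave the refsCORS entry unreferenced.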
