[html5] r6255 - [giow] (0) CORS-enable EventSource, for cross-site event streams
whatwg at whatwg.org
whatwg at whatwg.org
Fri Jun 17 12:58:03 PDT 2011
Author: ianh
Date: 2011-06-17 12:57:59 -0700 (Fri, 17 Jun 2011)
New Revision: 6255
Modified:
complete.html
source
Log:
[giow] (0) CORS-enable EventSource, for cross-site event streams
Modified: complete.html
===================================================================
--- complete.html 2011-06-17 01:06:39 UTC (rev 6254)
+++ complete.html 2011-06-17 19:57:59 UTC (rev 6255)
@@ -78851,17 +78851,21 @@
<li>
- <p><a href=#fetch>Fetch</a> the resource identified by the resulting
- <a href=#absolute-url>absolute URL</a>, from the <a href=#entry-script>entry script</a>'s
- <a href=#origin>origin</a>, with the <i>force same-origin flag</i> set,
- and process it as described below.</p> <!-- not http-origin
- privacy sensitive (looking forward to CORS) -->
+ <p>Do a <a href=#potentially-cors-enabled-fetch>potentially CORS-enabled fetch</a> of the
+ resulting <a href=#absolute-url>absolute URL</a>, with the <i>mode</i> being
+ <a href=#attr-crossorigin-use-credentials title=attr-crossorigin-use-credentials>Use
+ Credentials</a>, and the <i><a href=#origin>origin</a></i> being the <a href=#entry-script>entry
+ script</a>'s <a href=#origin>origin</a><!--, and the <i>default origin
+ behaviour</i> set to <i>fail</i> (though it has no effect in the
+ "Use Credentials" mode)-->, and process the resource obtained in
+ this fashion, if any, as described below.</p>
- <p class=note>The definition of the <a href=#fetch title=fetch>fetching</a> algorithm is such that if the
- browser is already fetching the resource identified by the given
- <a href=#absolute-url>absolute URL</a>, that connection can be reused, instead
- of a new connection being established. All messages received up to
- this point are dispatched immediately, in this case.</p>
+ <p class=note>The definition of the <a href=#fetch title=fetch>fetching</a> algorithm (which is used by CORS) is
+ such that if the browser is already fetching the resource
+ identified by the given <a href=#absolute-url>absolute URL</a>, that connection
+ can be reused, instead of a new connection being established. All
+ messages received up to this point are dispatched immediately, in
+ this case.</p>
</li>
@@ -78984,8 +78988,8 @@
other subresource.</p>
<p>HTTP 301 Moved Permanently, HTTP 302 Found, 303 See Other, and
- 307 Temporary Redirect responses are handled by the <a href=#fetch title=fetch>fetching</a> algorithm. In the case of 301
- redirects, the user agent must also remember the new URL so that
+ 307 Temporary Redirect responses are handled by the <a href=#fetch title=fetch>fetching</a> and CORS algorithms. In the case of
+ 301 redirects, the user agent must also remember the new URL so that
subsequent requests for this resource for this
<code><a href=#eventsource>EventSource</a></code> object start with the URL given for the
last 301 seen for requests for this object.</p>
@@ -79022,9 +79026,17 @@
<code title=event-error>error</code> at the
<code><a href=#eventsource>EventSource</a></code> object, and then, after a delay equal to
the reconnection time of the event source, if the <code title=dom-EventSource-readyState><a href=#dom-eventsource-readystate>readyState</a></code> attribute is
- still set to <code title=dom-EventSource-CONNECTING><a href=#dom-eventsource-connecting>CONNECTING</a></code>,
- <a href=#fetch>fetch</a> the event source resource again from the same
- <a href=#origin>origin</a> as the original request triggered by the <code title=dom-EventSource><a href=#dom-eventsource>EventSource()</a></code> constructor.</p>
+ still set to <code title=dom-EventSource-CONNECTING><a href=#dom-eventsource-connecting>CONNECTING</a></code>, once again do
+ a <a href=#potentially-cors-enabled-fetch>potentially CORS-enabled fetch</a> of the <a href=#absolute-url>absolute
+ URL</a> of the event source resource, with the <i>mode</i> being
+ <a href=#attr-crossorigin-use-credentials title=attr-crossorigin-use-credentials>Use
+ Credentials</a>, and the <i><a href=#origin>origin</a></i> being the same as the
+ <a href=#origin>origin</a> used in the original request triggered by the
+ <code title=dom-EventSource><a href=#dom-eventsource>EventSource()</a></code> constructor<!--,
+ and the <i>default origin behaviour</i> set to <i>fail</i> (though
+ it has no effect in the "Use Credentials" mode)-->, and process the
+ resource obtained in this fashion, if any, as described in this
+ section.</p>
<p>When a user agent is to <dfn id=fail-the-connection>fail the connection</dfn>, the user
agent must set the <code title=dom-EventSource-readyState><a href=#dom-eventsource-readystate>readyState</a></code> attribute to
Modified: source
===================================================================
--- source 2011-06-17 01:06:39 UTC (rev 6254)
+++ source 2011-06-17 19:57:59 UTC (rev 6255)
@@ -89371,18 +89371,22 @@
<li>
- <p><span>Fetch</span> the resource identified by the resulting
- <span>absolute URL</span>, from the <span>entry script</span>'s
- <span>origin</span>, with the <i>force same-origin flag</i> set,
- and process it as described below.</p> <!-- not http-origin
- privacy sensitive (looking forward to CORS) -->
+ <p>Do a <span>potentially CORS-enabled fetch</span> of the
+ resulting <span>absolute URL</span>, with the <i>mode</i> being
+ <span title="attr-crossorigin-use-credentials">Use
+ Credentials</span>, and the <i>origin</i> being the <span>entry
+ script</span>'s <span>origin</span><!--, and the <i>default origin
+ behaviour</i> set to <i>fail</i> (though it has no effect in the
+ "Use Credentials" mode)-->, and process the resource obtained in
+ this fashion, if any, as described below.</p>
<p class="note">The definition of the <span
- title="fetch">fetching</span> algorithm is such that if the
- browser is already fetching the resource identified by the given
- <span>absolute URL</span>, that connection can be reused, instead
- of a new connection being established. All messages received up to
- this point are dispatched immediately, in this case.</p>
+ title="fetch">fetching</span> algorithm (which is used by CORS) is
+ such that if the browser is already fetching the resource
+ identified by the given <span>absolute URL</span>, that connection
+ can be reused, instead of a new connection being established. All
+ messages received up to this point are dispatched immediately, in
+ this case.</p>
</li>
@@ -89539,8 +89543,8 @@
<p>HTTP 301 Moved Permanently, HTTP 302 Found, 303 See Other, and
307 Temporary Redirect responses are handled by the <span
- title="fetch">fetching</span> algorithm. In the case of 301
- redirects, the user agent must also remember the new URL so that
+ title="fetch">fetching</span> and CORS algorithms. In the case of
+ 301 redirects, the user agent must also remember the new URL so that
subsequent requests for this resource for this
<code>EventSource</code> object start with the URL given for the
last 301 seen for requests for this object.</p>
@@ -89584,10 +89588,17 @@
the reconnection time of the event source, if the <code
title="dom-EventSource-readyState">readyState</code> attribute is
still set to <code
- title="dom-EventSource-CONNECTING">CONNECTING</code>,
- <span>fetch</span> the event source resource again from the same
- <span>origin</span> as the original request triggered by the <code
- title="dom-EventSource">EventSource()</code> constructor.</p>
+ title="dom-EventSource-CONNECTING">CONNECTING</code>, once again do
+ a <span>potentially CORS-enabled fetch</span> of the <span>absolute
+ URL</span> of the event source resource, with the <i>mode</i> being
+ <span title="attr-crossorigin-use-credentials">Use
+ Credentials</span>, and the <i>origin</i> being the same as the
+ <span>origin</span> used in the original request triggered by the
+ <code title="dom-EventSource">EventSource()</code> constructor<!--,
+ and the <i>default origin behaviour</i> set to <i>fail</i> (though
+ it has no effect in the "Use Credentials" mode)-->, and process the
+ resource obtained in this fashion, if any, as described in this
+ section.</p>
<p>When a user agent is to <dfn>fail the connection</dfn>, the user
agent must set the <code
More information about the Commit-Watchers
mailing list