[html5] r6369 - [e] (0) Mention CORS in text/event-stream security considerations. Fixing http:/ [...]
whatwg at whatwg.org
whatwg at whatwg.org
Thu Aug 4 14:43:00 PDT 2011
Author: ianh
Date: 2011-08-04 14:42:59 -0700 (Thu, 04 Aug 2011)
New Revision: 6369
Modified:
complete.html
source
Log:
[e] (0) Mention CORS in text/event-stream security considerations.
Fixing http://www.w3.org/Bugs/Public/show_bug.cgi?id=13155
Modified: complete.html
===================================================================
--- complete.html 2011-08-04 21:41:41 UTC (rev 6368)
+++ complete.html 2011-08-04 21:42:59 UTC (rev 6369)
@@ -80275,9 +80275,8 @@
<p>An event stream from an origin distinct from the origin of the
content consuming the event stream can result in information
- leakage. To avoid this, user agents are required to <!--v2: apply
- CORS semantics or--> block all cross-origin loads. <!--v2: <a
- href="#refsCORS">[CORS]</a>--></p>
+ leakage. To avoid this, user agents are required to apply CORS
+ semantics. <a href=#refsCORS>[CORS]</a></p>
<p>Event streams can overwhelm a user agent; a user agent is
expected to apply suitable restrictions to avoid depleting local
Modified: source
===================================================================
--- source 2011-08-04 21:41:41 UTC (rev 6368)
+++ source 2011-08-04 21:42:59 UTC (rev 6369)
@@ -90854,9 +90854,8 @@
<p>An event stream from an origin distinct from the origin of the
content consuming the event stream can result in information
- leakage. To avoid this, user agents are required to <!--v2: apply
- CORS semantics or--> block all cross-origin loads. <!--v2: <a
- href="#refsCORS">[CORS]</a>--></p>
+ leakage. To avoid this, user agents are required to apply CORS
+ semantics. <a href="#refsCORS">[CORS]</a></p>
<p>Event streams can overwhelm a user agent; a user agent is
expected to apply suitable restrictions to avoid depleting local
More information about the Commit-Watchers
mailing list