[html5] r6791 - [giow] (1) Make EventSource support the Anonymous CORS mode. Fixing http://www.w [...]
whatwg at whatwg.org
whatwg at whatwg.org
Mon Oct 31 16:17:20 PDT 2011
Author: ianh
Date: 2011-10-31 16:17:18 -0700 (Mon, 31 Oct 2011)
New Revision: 6791
Modified:
complete.html
index
source
Log:
[giow] (1) Make EventSource support the Anonymous CORS mode.
Fixing http://www.w3.org/Bugs/Public/show_bug.cgi?id=14592
Modified: complete.html
===================================================================
--- complete.html 2011-10-31 16:04:24 UTC (rev 6790)
+++ complete.html 2011-10-31 23:17:18 UTC (rev 6791)
@@ -240,7 +240,7 @@
<header class=head id=head><p><a class=logo href=http://www.whatwg.org/><img alt=WHATWG height=101 src=/images/logo width=101></a></p>
<hgroup><h1 class=allcaps>HTML</h1>
- <h2 class="no-num no-toc">Living Standard — Last Updated 30 October 2011</h2>
+ <h2 class="no-num no-toc">Living Standard — Last Updated 31 October 2011</h2>
</hgroup><dl><dt><strong>Web developer edition:</strong></dt>
<dd><strong><a href=http://developers.whatwg.org/>http://developers.whatwg.org/</a></strong></dd>
<dt>Multiple-page version:</dt>
@@ -79436,9 +79436,10 @@
<h4 id=the-eventsource-interface><span class=secno>11.2.2 </span>The <code><a href=#eventsource>EventSource</a></code> interface</h4>
- <pre class=idl>[<a href=#dom-eventsource title=dom-EventSource>Constructor</a>(DOMString url)]
+ <pre class=idl>[<a href=#dom-eventsource title=dom-EventSource>Constructor</a>(DOMString url, optional <a href=#eventsourceinit>EventSourceInit</a> eventSourceInitDict)]
interface <dfn id=eventsource>EventSource</dfn> : <a href=#eventtarget>EventTarget</a> {
readonly attribute DOMString <a href=#dom-eventsource-url title=dom-EventSource-url>url</a>;
+ readonly attribute boolean <a href=#dom-eventsource-withcredentials title=dom-EventSource-withCredentials>withCredentials</a>;
// ready state
const unsigned short <a href=#dom-eventsource-connecting title=dom-EventSource-CONNECTING>CONNECTING</a> = 0;
@@ -79451,35 +79452,51 @@
[TreatNonCallableAsNull] attribute <a href=#function>Function</a>? <a href=#handler-eventsource-onmessage title=handler-EventSource-onmessage>onmessage</a>;
[TreatNonCallableAsNull] attribute <a href=#function>Function</a>? <a href=#handler-eventsource-onerror title=handler-EventSource-onerror>onerror</a>;
void <a href=#dom-eventsource-close title=dom-EventSource-close>close</a>();
+};
+
+dictionary <dfn id=eventsourceinit>EventSourceInit</dfn> {
+ boolean <dfn id=dom-eventsourceinit-withcredentials title=dom-EventSourceInit-withCredentials>withCredentials</dfn> = false;
};</pre>
- <p>The <dfn id=dom-eventsource title=dom-EventSource><code>EventSource(<var title="">url</var>)</code></dfn> constructor takes one argument,
- <var title="">url</var>, which specifies the <a href=#url>URL</a> to
- which to connect. When the <code>EventSource()</code> constructor is
+ <p>The <dfn id=dom-eventsource title=dom-EventSource><code>EventSource()</code></dfn>
+ constructor takes one or two arguments. The first specifies the
+ <a href=#url>URL</a> to which to connect. The second specifies the
+ settings, if any, in the form of an <code><a href=#eventsourceinit>EventSourceInit</a></code>
+ dictionary. When the <code>EventSource()</code> constructor is
invoked, the UA must run these steps:</p>
<ol><li><p><a href=#resolve-a-url title="resolve a url">Resolve</a> the
- <a href=#url>URL</a> specified in <var title="">url</var>, relative to
- the <a href=#entry-script>entry script</a>'s <a href="#script's-base-url" title="script's base
- URL">base URL</a>.
+ <a href=#url>URL</a> specified in the first argument, relative to the
+ <a href=#entry-script>entry script</a>'s <a href="#script's-base-url" title="script's base URL">base
+ URL</a>.
</li>
<li><p>If the previous step failed, then throw a
<code><a href=#syntaxerror>SyntaxError</a></code> exception.</li>
- <li><p>Return a new <code><a href=#eventsource>EventSource</a></code> object, and continue
+ <li><p>Create a new <code><a href=#eventsource>EventSource</a></code> object.</li>
+
+ <li><p>Let <var title="">CORS mode</var> be <a href=#attr-crossorigin-anonymous title=attr-crossorigin-anonymous>Anonymous</a>.</li>
+
+ <li><p>If the second argument is present, and the <code title=dom-EventSourceInit-withCredentials><a href=#dom-eventsourceinit-withcredentials>withCredentials</a></code>
+ dictionary member has the value true, then set <var title="">CORS
+ mode</var> to <a href=#attr-crossorigin-use-credentials title=attr-crossorigin-use-credentials>Use
+ Credentials</a> and initialize the new <code><a href=#eventsource>EventSource</a></code>
+ object's <code title=dom-EventSource-withCredentials><a href=#dom-eventsource-withcredentials>withCredentials</a></code>
+ attribute to true.</li>
+
+ <li><p>Return the new <code><a href=#eventsource>EventSource</a></code> object, and continue
these steps in the background (without blocking scripts).</li>
<li>
<p>Do a <a href=#potentially-cors-enabled-fetch>potentially CORS-enabled fetch</a> of the
resulting <a href=#absolute-url>absolute URL</a>, with the <i>mode</i> being
- <a href=#attr-crossorigin-use-credentials title=attr-crossorigin-use-credentials>Use
- Credentials</a>, and the <i title="">origin</i> being the <a href=#entry-script>entry
- script</a>'s <a href=#origin>origin</a><!--, and the <i>default origin
- behaviour</i> set to <i>fail</i> (though it has no effect in the
- "Use Credentials" mode)-->, and process the resource obtained in
- this fashion, if any, as described below.</p>
+ <var title="">CORS mode</var>, and the <i title="">origin</i>
+ being the <a href=#entry-script>entry script</a>'s <a href=#origin>origin</a><!--, and
+ the <i>default origin behaviour</i> set to <i>fail</i> (though it
+ has no effect in the "Use Credentials" mode)-->, and process the
+ resource obtained in this fashion, if any, as described below.</p>
<p class=note>The definition of the <a href=#fetch title=fetch>fetching</a> algorithm (which is used by CORS) is
such that if the browser is already fetching the resource
@@ -79500,6 +79517,10 @@
passed to the constructor.</p> <!-- not the result of redirects,
since that would introduce race conditions -->
+ <p>The <dfn id=dom-eventsource-withcredentials title=dom-EventSource-withCredentials><code>withCredentials</code></dfn>
+ attribute must return the value to which it was last initialized.
+ When the object is created, it must be initialized to false.</p>
+
<p>The <dfn id=dom-eventsource-readystate title=dom-EventSource-readyState><code>readyState</code></dfn>
attribute represents the state of the connection. It can have the
following values:</p>
Modified: index
===================================================================
--- index 2011-10-31 16:04:24 UTC (rev 6790)
+++ index 2011-10-31 23:17:18 UTC (rev 6791)
@@ -240,7 +240,7 @@
<header class=head id=head><p><a class=logo href=http://www.whatwg.org/><img alt=WHATWG height=101 src=/images/logo width=101></a></p>
<hgroup><h1 class=allcaps>HTML</h1>
- <h2 class="no-num no-toc">Living Standard — Last Updated 30 October 2011</h2>
+ <h2 class="no-num no-toc">Living Standard — Last Updated 31 October 2011</h2>
</hgroup><dl><dt><strong>Web developer edition:</strong></dt>
<dd><strong><a href=http://developers.whatwg.org/>http://developers.whatwg.org/</a></strong></dd>
<dt>Multiple-page version:</dt>
@@ -79436,9 +79436,10 @@
<h4 id=the-eventsource-interface><span class=secno>11.2.2 </span>The <code><a href=#eventsource>EventSource</a></code> interface</h4>
- <pre class=idl>[<a href=#dom-eventsource title=dom-EventSource>Constructor</a>(DOMString url)]
+ <pre class=idl>[<a href=#dom-eventsource title=dom-EventSource>Constructor</a>(DOMString url, optional <a href=#eventsourceinit>EventSourceInit</a> eventSourceInitDict)]
interface <dfn id=eventsource>EventSource</dfn> : <a href=#eventtarget>EventTarget</a> {
readonly attribute DOMString <a href=#dom-eventsource-url title=dom-EventSource-url>url</a>;
+ readonly attribute boolean <a href=#dom-eventsource-withcredentials title=dom-EventSource-withCredentials>withCredentials</a>;
// ready state
const unsigned short <a href=#dom-eventsource-connecting title=dom-EventSource-CONNECTING>CONNECTING</a> = 0;
@@ -79451,35 +79452,51 @@
[TreatNonCallableAsNull] attribute <a href=#function>Function</a>? <a href=#handler-eventsource-onmessage title=handler-EventSource-onmessage>onmessage</a>;
[TreatNonCallableAsNull] attribute <a href=#function>Function</a>? <a href=#handler-eventsource-onerror title=handler-EventSource-onerror>onerror</a>;
void <a href=#dom-eventsource-close title=dom-EventSource-close>close</a>();
+};
+
+dictionary <dfn id=eventsourceinit>EventSourceInit</dfn> {
+ boolean <dfn id=dom-eventsourceinit-withcredentials title=dom-EventSourceInit-withCredentials>withCredentials</dfn> = false;
};</pre>
- <p>The <dfn id=dom-eventsource title=dom-EventSource><code>EventSource(<var title="">url</var>)</code></dfn> constructor takes one argument,
- <var title="">url</var>, which specifies the <a href=#url>URL</a> to
- which to connect. When the <code>EventSource()</code> constructor is
+ <p>The <dfn id=dom-eventsource title=dom-EventSource><code>EventSource()</code></dfn>
+ constructor takes one or two arguments. The first specifies the
+ <a href=#url>URL</a> to which to connect. The second specifies the
+ settings, if any, in the form of an <code><a href=#eventsourceinit>EventSourceInit</a></code>
+ dictionary. When the <code>EventSource()</code> constructor is
invoked, the UA must run these steps:</p>
<ol><li><p><a href=#resolve-a-url title="resolve a url">Resolve</a> the
- <a href=#url>URL</a> specified in <var title="">url</var>, relative to
- the <a href=#entry-script>entry script</a>'s <a href="#script's-base-url" title="script's base
- URL">base URL</a>.
+ <a href=#url>URL</a> specified in the first argument, relative to the
+ <a href=#entry-script>entry script</a>'s <a href="#script's-base-url" title="script's base URL">base
+ URL</a>.
</li>
<li><p>If the previous step failed, then throw a
<code><a href=#syntaxerror>SyntaxError</a></code> exception.</li>
- <li><p>Return a new <code><a href=#eventsource>EventSource</a></code> object, and continue
+ <li><p>Create a new <code><a href=#eventsource>EventSource</a></code> object.</li>
+
+ <li><p>Let <var title="">CORS mode</var> be <a href=#attr-crossorigin-anonymous title=attr-crossorigin-anonymous>Anonymous</a>.</li>
+
+ <li><p>If the second argument is present, and the <code title=dom-EventSourceInit-withCredentials><a href=#dom-eventsourceinit-withcredentials>withCredentials</a></code>
+ dictionary member has the value true, then set <var title="">CORS
+ mode</var> to <a href=#attr-crossorigin-use-credentials title=attr-crossorigin-use-credentials>Use
+ Credentials</a> and initialize the new <code><a href=#eventsource>EventSource</a></code>
+ object's <code title=dom-EventSource-withCredentials><a href=#dom-eventsource-withcredentials>withCredentials</a></code>
+ attribute to true.</li>
+
+ <li><p>Return the new <code><a href=#eventsource>EventSource</a></code> object, and continue
these steps in the background (without blocking scripts).</li>
<li>
<p>Do a <a href=#potentially-cors-enabled-fetch>potentially CORS-enabled fetch</a> of the
resulting <a href=#absolute-url>absolute URL</a>, with the <i>mode</i> being
- <a href=#attr-crossorigin-use-credentials title=attr-crossorigin-use-credentials>Use
- Credentials</a>, and the <i title="">origin</i> being the <a href=#entry-script>entry
- script</a>'s <a href=#origin>origin</a><!--, and the <i>default origin
- behaviour</i> set to <i>fail</i> (though it has no effect in the
- "Use Credentials" mode)-->, and process the resource obtained in
- this fashion, if any, as described below.</p>
+ <var title="">CORS mode</var>, and the <i title="">origin</i>
+ being the <a href=#entry-script>entry script</a>'s <a href=#origin>origin</a><!--, and
+ the <i>default origin behaviour</i> set to <i>fail</i> (though it
+ has no effect in the "Use Credentials" mode)-->, and process the
+ resource obtained in this fashion, if any, as described below.</p>
<p class=note>The definition of the <a href=#fetch title=fetch>fetching</a> algorithm (which is used by CORS) is
such that if the browser is already fetching the resource
@@ -79500,6 +79517,10 @@
passed to the constructor.</p> <!-- not the result of redirects,
since that would introduce race conditions -->
+ <p>The <dfn id=dom-eventsource-withcredentials title=dom-EventSource-withCredentials><code>withCredentials</code></dfn>
+ attribute must return the value to which it was last initialized.
+ When the object is created, it must be initialized to false.</p>
+
<p>The <dfn id=dom-eventsource-readystate title=dom-EventSource-readyState><code>readyState</code></dfn>
attribute represents the state of the connection. It can have the
following values:</p>
Modified: source
===================================================================
--- source 2011-10-31 16:04:24 UTC (rev 6790)
+++ source 2011-10-31 23:17:18 UTC (rev 6791)
@@ -89813,9 +89813,10 @@
<h4>The <code>EventSource</code> interface</h4>
- <pre class="idl">[<span title="dom-EventSource">Constructor</span>(DOMString url)]
+ <pre class="idl">[<span title="dom-EventSource">Constructor</span>(DOMString url, optional <span>EventSourceInit</span> eventSourceInitDict)]
interface <dfn>EventSource</dfn> : <span>EventTarget</span> {
readonly attribute DOMString <span title="dom-EventSource-url">url</span>;
+ readonly attribute boolean <span title="dom-EventSource-withCredentials">withCredentials</span>;
// ready state
const unsigned short <span title="dom-EventSource-CONNECTING">CONNECTING</span> = 0;
@@ -89828,20 +89829,25 @@
[TreatNonCallableAsNull] attribute <span>Function</span>? <span title="handler-EventSource-onmessage">onmessage</span>;
[TreatNonCallableAsNull] attribute <span>Function</span>? <span title="handler-EventSource-onerror">onerror</span>;
void <span title="dom-EventSource-close">close</span>();
+};
+
+dictionary <dfn>EventSourceInit</dfn> {
+ boolean <dfn title="dom-EventSourceInit-withCredentials">withCredentials</dfn> = false;
};</pre>
- <p>The <dfn title="dom-EventSource"><code>EventSource(<var
- title="">url</var>)</code></dfn> constructor takes one argument,
- <var title="">url</var>, which specifies the <span>URL</span> to
- which to connect. When the <code>EventSource()</code> constructor is
+ <p>The <dfn title="dom-EventSource"><code>EventSource()</code></dfn>
+ constructor takes one or two arguments. The first specifies the
+ <span>URL</span> to which to connect. The second specifies the
+ settings, if any, in the form of an <code>EventSourceInit</code>
+ dictionary. When the <code>EventSource()</code> constructor is
invoked, the UA must run these steps:</p>
<ol>
<li><p><span title="resolve a url">Resolve</span> the
- <span>URL</span> specified in <var title="">url</var>, relative to
- the <span>entry script</span>'s <span title="script's base
- URL">base URL</span>.
+ <span>URL</span> specified in the first argument, relative to the
+ <span>entry script</span>'s <span title="script's base URL">base
+ URL</span>.
<!--END complete--><!--END epub-->
<a href="#refsHTML">[HTML]</a>
<!--START complete--><!--START epub-->
@@ -89850,19 +89856,32 @@
<li><p>If the previous step failed, then throw a
<code>SyntaxError</code> exception.</p></li>
- <li><p>Return a new <code>EventSource</code> object, and continue
+ <li><p>Create a new <code>EventSource</code> object.</p></li>
+
+ <li><p>Let <var title="">CORS mode</var> be <span
+ title="attr-crossorigin-anonymous">Anonymous</span>.</p></li>
+
+ <li><p>If the second argument is present, and the <code
+ title="dom-EventSourceInit-withCredentials">withCredentials</code>
+ dictionary member has the value true, then set <var title="">CORS
+ mode</var> to <span title="attr-crossorigin-use-credentials">Use
+ Credentials</span> and initialize the new <code>EventSource</code>
+ object's <code
+ title="dom-EventSource-withCredentials">withCredentials</code>
+ attribute to true.</p></li>
+
+ <li><p>Return the new <code>EventSource</code> object, and continue
these steps in the background (without blocking scripts).</p></li>
<li>
<p>Do a <span>potentially CORS-enabled fetch</span> of the
resulting <span>absolute URL</span>, with the <i>mode</i> being
- <span title="attr-crossorigin-use-credentials">Use
- Credentials</span>, and the <i title="">origin</i> being the <span>entry
- script</span>'s <span>origin</span><!--, and the <i>default origin
- behaviour</i> set to <i>fail</i> (though it has no effect in the
- "Use Credentials" mode)-->, and process the resource obtained in
- this fashion, if any, as described below.</p>
+ <var title="">CORS mode</var>, and the <i title="">origin</i>
+ being the <span>entry script</span>'s <span>origin</span><!--, and
+ the <i>default origin behaviour</i> set to <i>fail</i> (though it
+ has no effect in the "Use Credentials" mode)-->, and process the
+ resource obtained in this fashion, if any, as described below.</p>
<p class="note">The definition of the <span
title="fetch">fetching</span> algorithm (which is used by CORS) is
@@ -89889,6 +89908,11 @@
since that would introduce race conditions -->
<p>The <dfn
+ title="dom-EventSource-withCredentials"><code>withCredentials</code></dfn>
+ attribute must return the value to which it was last initialized.
+ When the object is created, it must be initialized to false.</p>
+
+ <p>The <dfn
title="dom-EventSource-readyState"><code>readyState</code></dfn>
attribute represents the state of the connection. It can have the
following values:</p>
More information about the Commit-Watchers
mailing list