[whatwg] unexpected use of the CORS specification

Silvia Pfeiffer silviapfeiffer1 at gmail.com
Sun Nov 8 14:08:31 PST 2009


Yes, that's the point. Please read the blog post for details. Benno
also discussed the issue of the number of requests made.

BTW: I've taken the public-html list off this thread, since I think
the discussion so far was only by WHATWG members and we want to avoid
too much cross-posting.

Thanks,
Silvia.

On Sun, Nov 8, 2009 at 1:16 PM, Mike Ressler <mressler at gmail.com> wrote:
> I think that Silvia was implying that a URL shortening service could respond
> with Access-Control-Allow-Origin:* or some such header to signal to the
> browser that this domain serves resources in a cross-origin fashion.  This
> would allow the browser to eagerly fetch the resulting URLs to aid in user
> interface hints without having to eagerly fetch URLs that aren't
> "shortened".
>
> Mike
>
> On Sun, Nov 8, 2009 at 10:25 AM, Adam Barth <whatwg at adambarth.com> wrote:
>>
>> I don't see the connection with CORS.  The browser is free to request
>> whatever URLs it wants.  The results need not be accessible to
>> content.  Maybe I'm misunderstanding.
>>
>> Adam
>>
>>
>> On Sat, Nov 7, 2009 at 11:35 PM, Silvia Pfeiffer
>> <silviapfeiffer1 at gmail.com> wrote:
>> > Hi,
>> >
>> > a friend of mine just wrote an interesting blog post about
>> > "unshortening twitter URLs", see
>> > http://benno.id.au/blog/2009/11/08/urlunshortener .
>> >
>> > In it he proposes that url shorteners should be treated specially in
>> > browsers such that when you mouse over a shortened url, the browse
>> > knows to interpret them (i.e. follow the redirection) and shows you
>> > the long URL as a hint. I would support such an approach, since I have
>> > been annoyed more than once that shortened URLs don't tell me anything
>> > about the target. As part of this would be a requirement for URL
>> > shorteners to support CORS http://www.w3.org/TR/cors/, which browsers
>> > can then use to follow the redirection.
>> >
>> > Further, Benno suggests extending http://www.w3.org/TR/XMLHttpRequest/
>> > with a property to disable following redirects automatically so as to
>> > be able to expose the redirection.
>> >
>> > I am not aware if somebody else has suggested these use cases for CORS
>> > and XMLHttpRequest before (this may not even be the right fora for
>> > it), but since these are so closely linked to what we do in HTML5, I
>> > thought it would be good to point it out. I would think that at
>> > minimum Anne knows what to do with it, since he is editor on both.
>> >
>> > Regards,
>> > Silvia.
>> >
>
>



More information about the whatwg mailing list