[whatwg] AppCache + CORS issue.

Michael Nordman michaeln at google.com
Fri Jul 1 13:38:46 PDT 2011

Cross-origin resources listed in the CACHE section aren't retrieved with the
'Origin' header and the responses may not contain the
header. This makes it impossible to utilized CORS for appcache resources.


We may need a way to express in the manifest file that the x-origin
resource is to be retrieved and cached with the CORS related headers.
Maybe a new manifest file section a lot like the CACHE section but a
little different... something like...


When fetching, the 'Origin' header would be included and the responses
'Access-Control-Allow-Origin' header would be cached. When accessed by
pages associated with the appcache, the access-control-allow-origin
header would be provided.

More information about the whatwg mailing list