[whatwg] AppCache + CORS issue.
Michael Nordman
michaeln at google.com
Fri Jul 1 13:38:46 PDT 2011
Cross-origin resources listed in the CACHE section aren't retrieved with the
'Origin' header and the responses may not contain the
'Access-Control-Allow-Origin'
header. This makes it impossible to utilized CORS for appcache resources.
http://code.google.com/p/chromium/issues/detail?id=86324
We may need a way to express in the manifest file that the x-origin
resource is to be retrieved and cached with the CORS related headers.
Maybe a new manifest file section a lot like the CACHE section but a
little different... something like...
CACHE-CORS:http://cross-origin/resource
When fetching, the 'Origin' header would be included and the responses
'Access-Control-Allow-Origin' header would be cached. When accessed by
pages associated with the appcache, the access-control-allow-origin
header would be provided.
More information about the whatwg
mailing list