[whatwg] Enhancement request: change EventSource to allow cross-domain access

Per-Erik Brodin per-erik.brodin at ericsson.com
Thu Jun 23 05:04:01 PDT 2011


On 2011-06-21 20:38, Ian Hickson wrote:
>> I misread the sentence "Do not actually terminate the request." in the
>> CORS spec as applying to both the resource sharing check pass and
>> failure cases.
>
> Ok. No change is require here then right?

No, I think the resource sharing check failures are covered by the 
sentence "Any other HTTP response code not listed here, and any network 
error [..] must cause the user agent to fail the connection".

>> OK, is Last-Event-ID also not a custom header then?
>
> There are no custom headers here. Why would you think there are?
>

The source of confusion was the fact that the list of simple headers in 
the CORS spec contained the Last-Event-ID header. Now that it has been 
removed and "custom headers" have been replaced by "author headers" it 
is clear that neither of the headers used with EventSource will trigger 
a preflight request.

Another question was raised in 
https://bugs.webkit.org/show_bug.cgi?id=61862#c17
The origin set on the dispatched message events is specified to be the 
"origin of the event stream's URL". Is this the URL passed to the 
EventSource constructor or the URL after some potential redirects (even 
temporary)?

//Per-Erik



More information about the whatwg mailing list