[whatwg] Enhancement request: change EventSource to allow cross-domain access
Anne van Kesteren
annevk at opera.com
Sat Jun 18 01:01:07 PDT 2011
On Sat, 18 Jun 2011 00:31:42 +0200, Ian Hickson <ian at hixie.ch> wrote:
> The reason we _didn't_ send credentials by default for <img> was that
> most cross-origin images are going to be static, and it would be a huge
> pain
> for the server to have to do per-connection work to determine the HTTP
> headers each time. With EventSource, that's a non-issue, since the server
> is going to have to do lots of much heavier per-connection work anyway.
I think we should change CORS to allow * for credentialed requests. People
have already asked for that. That would also allow dropping the
crossorigin="" attribute which complicates the request model for the
elements it is applicable to a lot. (Too much, in my opinion.)
(I designed CORS in such a way it could be used for <img> and such without
the need to introduce new syntax.)
--
Anne van Kesteren
http://annevankesteren.nl/
More information about the whatwg
mailing list