[whatwg] Enhancement request: change EventSource to allow cross-domain access
Per-Erik Brodin
per-erik.brodin at ericsson.com
Thu Jun 23 05:04:01 PDT 2011
On 2011-06-21 20:38, Ian Hickson wrote:
>> I misread the sentence "Do not actually terminate the request." in the
>> CORS spec as applying to both the resource sharing check pass and
>> failure cases.
>
> Ok. No change is require here then right?
No, I think the resource sharing check failures are covered by the
sentence "Any other HTTP response code not listed here, and any network
error [..] must cause the user agent to fail the connection".
>> OK, is Last-Event-ID also not a custom header then?
>
> There are no custom headers here. Why would you think there are?
>
The source of confusion was the fact that the list of simple headers in
the CORS spec contained the Last-Event-ID header. Now that it has been
removed and "custom headers" have been replaced by "author headers" it
is clear that neither of the headers used with EventSource will trigger
a preflight request.
Another question was raised in
https://bugs.webkit.org/show_bug.cgi?id=61862#c17
The origin set on the dispatched message events is specified to be the
"origin of the event stream's URL". Is this the URL passed to the
EventSource constructor or the URL after some potential redirects (even
temporary)?
//Per-Erik
More information about the whatwg
mailing list