I think that Silvia was implying that a URL shortening service could respond with <a href="http://www.w3.org/TR/cors/#access-control-allow-origin-response-hea">Access-Control-Allow-Origin:*</a> or some such header to signal to the browser that this domain serves resources in a cross-origin fashion. This would allow the browser to eagerly fetch the resulting URLs to aid in user interface hints without having to eagerly fetch URLs that aren't "shortened". <br>
<br>Mike<br><br><div class="gmail_quote">On Sun, Nov 8, 2009 at 10:25 AM, Adam Barth <span dir="ltr"><<a href="mailto:whatwg@adambarth.com">whatwg@adambarth.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
I don't see the connection with CORS. The browser is free to request<br>
whatever URLs it wants. The results need not be accessible to<br>
content. Maybe I'm misunderstanding.<br>
<font color="#888888"><br>
Adam<br>
</font><div><div></div><div class="h5"><br>
<br>
On Sat, Nov 7, 2009 at 11:35 PM, Silvia Pfeiffer<br>
<<a href="mailto:silviapfeiffer1@gmail.com">silviapfeiffer1@gmail.com</a>> wrote:<br>
> Hi,<br>
><br>
> a friend of mine just wrote an interesting blog post about<br>
> "unshortening twitter URLs", see<br>
> <a href="http://benno.id.au/blog/2009/11/08/urlunshortener" target="_blank">http://benno.id.au/blog/2009/11/08/urlunshortener</a> .<br>
><br>
> In it he proposes that url shorteners should be treated specially in<br>
> browsers such that when you mouse over a shortened url, the browse<br>
> knows to interpret them (i.e. follow the redirection) and shows you<br>
> the long URL as a hint. I would support such an approach, since I have<br>
> been annoyed more than once that shortened URLs don't tell me anything<br>
> about the target. As part of this would be a requirement for URL<br>
> shorteners to support CORS <a href="http://www.w3.org/TR/cors/" target="_blank">http://www.w3.org/TR/cors/</a>, which browsers<br>
> can then use to follow the redirection.<br>
><br>
> Further, Benno suggests extending <a href="http://www.w3.org/TR/XMLHttpRequest/" target="_blank">http://www.w3.org/TR/XMLHttpRequest/</a><br>
> with a property to disable following redirects automatically so as to<br>
> be able to expose the redirection.<br>
><br>
> I am not aware if somebody else has suggested these use cases for CORS<br>
> and XMLHttpRequest before (this may not even be the right fora for<br>
> it), but since these are so closely linked to what we do in HTML5, I<br>
> thought it would be good to point it out. I would think that at<br>
> minimum Anne knows what to do with it, since he is editor on both.<br>
><br>
> Regards,<br>
> Silvia.<br>
><br>
</div></div></blockquote></div><br>