[Webkit-unassigned] [Bug 65694] Make it possible to explicitly prevent a preflight via ThreadableLoaderOptions

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Aug 5 07:25:44 PDT 2011


--- Comment #15 from Per-Erik Brodin <per-erik.brodin at ericsson.com>  2011-08-05 07:25:44 PST ---
(In reply to comment #12)
> I agree that the new headers could be problematic. We should definitely keep an eye out for problems. However, I think the risk is worth it. (Much like the risk of the new headers introduced by CORS are probably worth it.)

What headers are you talking about? The only special headers sent in an initial EventSource request are (except any CORS headers):
Accept: text/event-stream
Cache-Control: no-cache
(for the Last-Event-ID header ever to be sent the server must allow the origin and also provide a valid event-stream with id fields in it)

Since Accept is in the simple header whitelist, it can already be sent without preflight using XHR. That leaves Cache-Control, but isn't that header sent cross-origin in some other cases? Anyway it seems rather harmless to me.

Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list