Confirmed users
716
edits
Security/Reviews/CrossOriginEventSource: Difference between revisions
Security/Reviews/CrossOriginEventSource (view source)
Revision as of 22:31, 12 July 2011
, 12 July 2011→Topics To Discuss During The Review
| Line 25: | Line 25: | ||
= Topics To Discuss During The Review = | = Topics To Discuss During The Review = | ||
''Please be prepared to discuss the topics listed at [[Security/ReviewTopics|ReviewTopics]] as they relate to your feature / project. Optionally, you may copy the most relevant questions here and answer them before the review, which could speed up the review meeting.'' | ''Please be prepared to discuss the topics listed at [[Security/ReviewTopics|ReviewTopics]] as they relate to your feature / project. Optionally, you may copy the most relevant questions here and answer them before the review, which could speed up the review meeting.'' | ||
CORS can be used in two "modes". With credentials, such as cookies, and without. The big controversial issue is weather to default EventSource to use cookies when going cross-site, or if that should be opt-in. XHR requires opt-in. Hixie has argued that the use cases for not using cookies are weak enough that we should simply not support it, thus the default, and only mode, would be to send cookies. | |||
= Review comments = | = Review comments = | ||
''Notes and bug numbers will be recorded here. Let's try not to spend too much time on any one topic during the meeting.'' | ''Notes and bug numbers will be recorded here. Let's try not to spend too much time on any one topic during the meeting.'' | ||