Permalink
Browse files

[giow] (0) CORS-enable EventSource, for cross-site event streams

git-svn-id: http://svn.whatwg.org/webapps@6255 340c8d12-0b0e-0410-8428-c7bf67bfef74
  • Loading branch information...
1 parent e433aeb commit b2f9fbcc54d65571b314db838c75fc69e8a10341 @Hixie Hixie committed Jun 17, 2011
Showing with 55 additions and 32 deletions.
  1. +28 −16 complete.html
  2. +27 −16 source
View
44 complete.html
@@ -78851,17 +78851,21 @@ <h4 id=the-eventsource-interface><span class=secno>11.2.2 </span>The <code><a hr
<li>
- <p><a href=#fetch>Fetch</a> the resource identified by the resulting
- <a href=#absolute-url>absolute URL</a>, from the <a href=#entry-script>entry script</a>'s
- <a href=#origin>origin</a>, with the <i>force same-origin flag</i> set,
- and process it as described below.</p> <!-- not http-origin
- privacy sensitive (looking forward to CORS) -->
-
- <p class=note>The definition of the <a href=#fetch title=fetch>fetching</a> algorithm is such that if the
- browser is already fetching the resource identified by the given
- <a href=#absolute-url>absolute URL</a>, that connection can be reused, instead
- of a new connection being established. All messages received up to
- this point are dispatched immediately, in this case.</p>
+ <p>Do a <a href=#potentially-cors-enabled-fetch>potentially CORS-enabled fetch</a> of the
+ resulting <a href=#absolute-url>absolute URL</a>, with the <i>mode</i> being
+ <a href=#attr-crossorigin-use-credentials title=attr-crossorigin-use-credentials>Use
+ Credentials</a>, and the <i><a href=#origin>origin</a></i> being the <a href=#entry-script>entry
+ script</a>'s <a href=#origin>origin</a><!--, and the <i>default origin
+ behaviour</i> set to <i>fail</i> (though it has no effect in the
+ "Use Credentials" mode)-->, and process the resource obtained in
+ this fashion, if any, as described below.</p>
+
+ <p class=note>The definition of the <a href=#fetch title=fetch>fetching</a> algorithm (which is used by CORS) is
+ such that if the browser is already fetching the resource
+ identified by the given <a href=#absolute-url>absolute URL</a>, that connection
+ can be reused, instead of a new connection being established. All
+ messages received up to this point are dispatched immediately, in
+ this case.</p>
</li>
@@ -78984,8 +78988,8 @@ <h4 id=processing-model-5><span class=secno>11.2.3 </span>Processing model</h4>
other subresource.</p>
<p>HTTP 301 Moved Permanently, HTTP 302 Found, 303 See Other, and
- 307 Temporary Redirect responses are handled by the <a href=#fetch title=fetch>fetching</a> algorithm. In the case of 301
- redirects, the user agent must also remember the new URL so that
+ 307 Temporary Redirect responses are handled by the <a href=#fetch title=fetch>fetching</a> and CORS algorithms. In the case of
+ 301 redirects, the user agent must also remember the new URL so that
subsequent requests for this resource for this
<code><a href=#eventsource>EventSource</a></code> object start with the URL given for the
last 301 seen for requests for this object.</p>
@@ -79022,9 +79026,17 @@ <h4 id=processing-model-5><span class=secno>11.2.3 </span>Processing model</h4>
<code title=event-error>error</code> at the
<code><a href=#eventsource>EventSource</a></code> object, and then, after a delay equal to
the reconnection time of the event source, if the <code title=dom-EventSource-readyState><a href=#dom-eventsource-readystate>readyState</a></code> attribute is
- still set to <code title=dom-EventSource-CONNECTING><a href=#dom-eventsource-connecting>CONNECTING</a></code>,
- <a href=#fetch>fetch</a> the event source resource again from the same
- <a href=#origin>origin</a> as the original request triggered by the <code title=dom-EventSource><a href=#dom-eventsource>EventSource()</a></code> constructor.</p>
+ still set to <code title=dom-EventSource-CONNECTING><a href=#dom-eventsource-connecting>CONNECTING</a></code>, once again do
+ a <a href=#potentially-cors-enabled-fetch>potentially CORS-enabled fetch</a> of the <a href=#absolute-url>absolute
+ URL</a> of the event source resource, with the <i>mode</i> being
+ <a href=#attr-crossorigin-use-credentials title=attr-crossorigin-use-credentials>Use
+ Credentials</a>, and the <i><a href=#origin>origin</a></i> being the same as the
+ <a href=#origin>origin</a> used in the original request triggered by the
+ <code title=dom-EventSource><a href=#dom-eventsource>EventSource()</a></code> constructor<!--,
+ and the <i>default origin behaviour</i> set to <i>fail</i> (though
+ it has no effect in the "Use Credentials" mode)-->, and process the
+ resource obtained in this fashion, if any, as described in this
+ section.</p>
<p>When a user agent is to <dfn id=fail-the-connection>fail the connection</dfn>, the user
agent must set the <code title=dom-EventSource-readyState><a href=#dom-eventsource-readystate>readyState</a></code> attribute to
View
43 source
@@ -89371,18 +89371,22 @@ interface <dfn>EventSource</dfn> {
<li>
- <p><span>Fetch</span> the resource identified by the resulting
- <span>absolute URL</span>, from the <span>entry script</span>'s
- <span>origin</span>, with the <i>force same-origin flag</i> set,
- and process it as described below.</p> <!-- not http-origin
- privacy sensitive (looking forward to CORS) -->
+ <p>Do a <span>potentially CORS-enabled fetch</span> of the
+ resulting <span>absolute URL</span>, with the <i>mode</i> being
+ <span title="attr-crossorigin-use-credentials">Use
+ Credentials</span>, and the <i>origin</i> being the <span>entry
+ script</span>'s <span>origin</span><!--, and the <i>default origin
+ behaviour</i> set to <i>fail</i> (though it has no effect in the
+ "Use Credentials" mode)-->, and process the resource obtained in
+ this fashion, if any, as described below.</p>
<p class="note">The definition of the <span
- title="fetch">fetching</span> algorithm is such that if the
- browser is already fetching the resource identified by the given
- <span>absolute URL</span>, that connection can be reused, instead
- of a new connection being established. All messages received up to
- this point are dispatched immediately, in this case.</p>
+ title="fetch">fetching</span> algorithm (which is used by CORS) is
+ such that if the browser is already fetching the resource
+ identified by the given <span>absolute URL</span>, that connection
+ can be reused, instead of a new connection being established. All
+ messages received up to this point are dispatched immediately, in
+ this case.</p>
</li>
@@ -89539,8 +89543,8 @@ interface <dfn>EventSource</dfn> {
<p>HTTP 301 Moved Permanently, HTTP 302 Found, 303 See Other, and
307 Temporary Redirect responses are handled by the <span
- title="fetch">fetching</span> algorithm. In the case of 301
- redirects, the user agent must also remember the new URL so that
+ title="fetch">fetching</span> and CORS algorithms. In the case of
+ 301 redirects, the user agent must also remember the new URL so that
subsequent requests for this resource for this
<code>EventSource</code> object start with the URL given for the
last 301 seen for requests for this object.</p>
@@ -89584,10 +89588,17 @@ interface <dfn>EventSource</dfn> {
the reconnection time of the event source, if the <code
title="dom-EventSource-readyState">readyState</code> attribute is
still set to <code
- title="dom-EventSource-CONNECTING">CONNECTING</code>,
- <span>fetch</span> the event source resource again from the same
- <span>origin</span> as the original request triggered by the <code
- title="dom-EventSource">EventSource()</code> constructor.</p>
+ title="dom-EventSource-CONNECTING">CONNECTING</code>, once again do
+ a <span>potentially CORS-enabled fetch</span> of the <span>absolute
+ URL</span> of the event source resource, with the <i>mode</i> being
+ <span title="attr-crossorigin-use-credentials">Use
+ Credentials</span>, and the <i>origin</i> being the same as the
+ <span>origin</span> used in the original request triggered by the
+ <code title="dom-EventSource">EventSource()</code> constructor<!--,
+ and the <i>default origin behaviour</i> set to <i>fail</i> (though
+ it has no effect in the "Use Credentials" mode)-->, and process the
+ resource obtained in this fashion, if any, as described in this
+ section.</p>
<p>When a user agent is to <dfn>fail the connection</dfn>, the user
agent must set the <code

0 comments on commit b2f9fbc

Please sign in to comment.