Add Last-Event-ID to CORS-safelisted request headers
#1788
Conversation
|
@yoichio @KershawChang @youennf any final thoughts? |
rexxars
force-pushed
the
feat/cors-safelist-last-event-id
branch
from
76fc1a2 to
7a0ead3
Compare
Thanks! Done :) |
|
Gecko is interested, but how likely will this cause some webcompat issues? Is #568 (comment) about the relevant change? Those numbers are going up, but still rather low. Edit: looks like it was discussed here #568 (comment) |
Since EventSource implementations in most environments already send this header without CORS preflight request, it makes sense to make it a safelisted header. See whatwg#568
rexxars
force-pushed
the
feat/cors-safelist-last-event-id
branch
from
7a0ead3 to
b5a68d4
Compare
|
From the WHATNOT meeting on 2024-12-05:
👋 PR author here. @yoichio commented on the related issue with this link which contains some statistics on this. It seems to me like these numbers are still very low, but I am also not a browser developer/maintainer, so I don't know what is generally considered low numbers on these sort of topics. I'm interesting in moving this forward - it seems to have interest from Gecko and WebKit, and I have not heard any opposition yet. Should this be raised again in an upcoming WHATNOT meeting, or is there something I can do on my side to move this along? |
|
Implementation bugs still have to be filed. That would help a bit. I'l flag it for the next meeting as well to check there's no opposition. (If you're up for it implementing it in a browser can also do wonders.) |
Since EventSource implementations in most environments already send this header without CORS preflight request, it makes sense to make it a safe-listed header.
See #568 for more background.
Last-Event-IDto CORS-safelisted headers web-platform-tests/wpt#49257(See WHATWG Working Mode: Changes for more details.)
Preview | Diff