On Mon, 28 Sep 2009 18:30:38 +0200, Jonas Sicking jo...@sicking.cc wrote:
I still am of the opinion that we shouldn't send upload progress
events unless a preflight has been done. This is the solution we're
using in Firefox since CORS was implemented in 3.5. If someone is
willing to propose a
On Mon, Sep 28, 2009 at 4:57 AM, Anne van Kesteren ann...@opera.com wrote:
Any update on this Jonas?
On Fri, 20 Mar 2009 13:21:17 +0100, Alexey Proskuryakov a...@webkit.org
wrote:
20.03.2009, в 1:52, Jonas Sicking написал(а):
I don't know how easy it is with current technologies to do this
On Thu, 19 Mar 2009, Alexey Proskuryakov wrote:
In fact, it seems very likely that even timing of preflight requests
makes port scans possible, but I don't have any data to support this
theory.
Port scans are already possible with unscripted HTML using img elements
and meta
On Thu, Mar 19, 2009 at 12:29 AM, Ian Hickson i...@hixie.ch wrote:
On Thu, 19 Mar 2009, Alexey Proskuryakov wrote:
In fact, it seems very likely that even timing of preflight requests
makes port scans possible, but I don't have any data to support this
theory.
Port scans are already
19.03.2009, в 21:00, Jonas Sicking написал(а):
While I agree that there are other ways of doing this, I think I'd
have a really hard time selling a feature that explicitly allows port
scanning to our security team. Especially when there is an easy
remedy.
The price comes mainly in the form
On Thu, 19 Mar 2009 19:00:36 +0100, Jonas Sicking jo...@sicking.cc wrote:
While I agree that there are other ways of doing this, I think I'd
have a really hard time selling a feature that explicitly allows port
scanning to our security team. Especially when there is an easy
remedy.
Since there
On Wed, Mar 18, 2009 at 1:04 PM, Alexey Proskuryakov a...@webkit.org wrote:
Per the current XHR2 spec draft, upload progress events are not sent if the
cross-origin request didn't do preflight. What is the rationale behind this
requirement?
I used to think that this was necessary to prevent