Bug 17042 - Last-Event-ID is not a simple header
Summary: Last-Event-ID is not a simple header
Status: RESOLVED INVALID
Alias: None
Product: WebAppsSec
Classification: Unclassified
Component: CORS (show other bugs)
Version: unspecified
Hardware: PC Windows XP
: P2 normal
Target Milestone: ---
Assignee: Anne
QA Contact: This bug has no owner yet - up for the taking
URL:
Whiteboard:
Keywords:
: 19315 (view as bug list)
Depends on:
Blocks:
 
Reported: 2012-05-13 09:02 UTC by vic99999
Modified: 2013-10-28 14:19 UTC (History)
4 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description vic99999 2012-05-13 09:02:06 UTC
Server-sent-events use this header with CORS
http://www.w3.org/TR/eventsource/#last-event-id
Comment 1 Anne 2012-05-13 10:12:25 UTC
More importantly, it's not an author request header.
Comment 2 vic99999 2012-05-15 10:37:06 UTC
@Anne,
LOL!!!
thank you for your understanding
you just stop polyfilling Server sent events with XMLHttpRequest
Comment 3 Anne 2012-05-15 10:39:48 UTC
Ah yes, that would indeed not work without a preflight request. Is that a big problem?
Comment 4 Anne 2012-05-15 10:40:31 UTC
Also, at this time it seems easier to get browsers to add EventSource support than to change their CORS implementations yet again.
Comment 5 vic99999 2012-05-15 10:46:22 UTC
+
Last-Event-ID can be setted with help of EventSource, than disconnect + redirect 
can be done to make request with "Last-Event-ID" header to some other site.
Comment 6 vic99999 2012-05-15 10:52:53 UTC
or may be it is time to drop Server sent events...
and move to WebSockets
Comment 7 Anne 2012-05-15 10:59:24 UTC
I don't understand comment 5. WebSocket is great, but quite different from EventSource and EventSource is not going away at this point.
Comment 8 vic99999 2012-05-15 11:32:37 UTC
comment #5:
EventSource allows to make requests with "Last-Event-ID" header without preflight.
Comment 10 Anne 2013-08-12 13:47:59 UTC
That seems like a bug in Gecko to me. We also instruct the browser to set Referer and Origin to certain values. They're not simple either.
Comment 11 Anne 2013-10-28 14:19:28 UTC
*** Bug 19315 has been marked as a duplicate of this bug. ***