Skip to content

Clarify CORS behavior for report uploads #97

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jul 9, 2018
Merged

Clarify CORS behavior for report uploads #97

merged 2 commits into from
Jul 9, 2018

Conversation

dcreager
Copy link
Member

@dcreager dcreager commented Jun 22, 2018
edited by pr-preview bot
Loading

Report uploads are supposed to behave The Right Way and send CORS preflight requests. We have to set Fetch's unsafe-request flag to trigger the preflights, and we also need to have a reasonable Origin. We use the origin of the reports themselves. This means that any particular report upload can only contain reports about a single origin, so this patch also adds an extra step to the upload algorithm to sort reports by origin after endpoints have been chosen.

Preview | Diff

Clarify CORS behavior for report uploads
701d979 
Report uploads are supposed to behave The Right Way and send CORS
preflight requests.  We have to set Fetch's `unsafe-request` flag to
trigger the preflights, and we also need to have a reasonable `Origin`.
We use the origin of the reports themselves.  This means that any
particular report upload can only contain reports about a single origin,
so this patch also adds an extra step to the upload algorithm to sort
reports by origin after endpoints have been chosen.
@dcreager dcreager requested review from igrigorik and mikewest June 22, 2018 20:30
@dcreager
Copy link
Member Author

/cc @estark37 ­— I can't mark you as a reviewer but I'd appreciate your take on this, too, since you opened #41

@dcreager dcreager mentioned this pull request Jul 6, 2018
Closed
Merge branch 'master' into cors
d3eb00f 
* master:
  Rename "report list" -> "report queue" (w3c#104)
  Clarify name of "observability" property (w3c#101)
  Add notes about load balancing mechanism (w3c#94)
  Fix typos (w3c#106)
  addressed comments
  Update "WICG" -> "W3C"
  Adding baseline CODE_OF_CONDUCT.md
  Use real User-Agent string in examples (w3c#98)
  Update links to JSON RFC (w3c#99)
  Collect current User-Agent when queueing a report (w3c#96)
  fixup s/report+json/reports+json/
  Define the MIME type in more detail.
@dcreager
Copy link
Member Author

dcreager commented Jul 9, 2018

I'm going to go ahead and merge this; if there are any issues with the new text, we can address them in follow-on CLs.

@dcreager dcreager merged commit c0328a0 into w3c:master Jul 9, 2018
@dcreager dcreager deleted the cors branch July 9, 2018 12:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@igrigorik igrigorik Awaiting requested review from igrigorik

@mikewest mikewest Awaiting requested review from mikewest

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@dcreager