Anne van Kesteren
annevk at annevk.nl
Wed Apr 10 02:25:22 PDT 2013
On Tue, Apr 9, 2013 at 10:03 PM, David Herman <dherman at mozilla.com> wrote:
> This is closer to what we've been talking about doing. My rough plan (still working through details) is to preserve the separation of JS from web by allowing a loader to disallow some module sources from going through the translate step. Then the browser's built-in loader will be defined to allow cross-origin modules without CORS headers to be loaded but not translated.
I think what you want to do is define two request modes. "Fetch and
run" and "fetch, translate, and run". The former fetches as tainted
cross-origin (meaning remote script debugging is not possible for
cross-origin sources), the latter fetches as CORS.
There's no API anywhere in the platform today that does a CORS request
and then does not treat it as a network error if the necessary headers
are missing (which is what your proposal seems to do).
More information about the es-discuss