Merge commit 'refs/pull/725/head' of https://github.com/xsf/xeps

Jonas Schäfer 2018-12-13 19:33:08 +01:00
commit 335938215c
1 changed files with 13 additions and 1 deletions

@ -30,6 +30,17 @@
<email>daniel@gultsch.de</email>
<jid>daniel@gultsch.de</jid>
</author>
<revision>
<version>0.8.0</version>
<date>2018-12-10</date>
<initials>dg</initials>
<remark>
<ul>
<li>Added implementation notes regarding CORS headers for use of HTTP Upload in web clients.</li>
<li>Increase recommended timeout value for PUT URLs to better suit mobile connections</li>
</ul>
</remark>
</revision>
<revision>
<version>0.7.0</version>
<date>2018-05-30</date>
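Review bot: The two list items in the new 0.8.0 remark are inconsistent in tense and punctuation: the first is past tense and ends with a period ("Added implementation notes regarding CORS headers ..."), while the second is imperative and has no period ("Increase recommended timeout value ..."). Suggest "Increased the recommended timeout value for PUT URLs to better suit mobile connections." so the revision history reads uniformly.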
@ -293,7 +304,8 @@
<p>There is no further XMPP communication required between the upload service and the client. A HTTP status Code of 201 means that the server is now ready to serve the file via the provided GET URL. If the upload fails for whatever reasons the client MAY request a new slot.</p>
</section1>
<section1 topic='Implementation Notes' anchor='impl'>
<p>The upload service SHOULD choose an appropriate timeout for the validity of the PUT URL. Since there is no reason for a client to wait between requesting the slot and starting the upload, relatively low timeout values of around 60s are RECOMMENDED.</p>
<p>The upload service SHOULD choose an appropriate timeout for the validity of the PUT URL. Since there is no reason for a client to wait between requesting the slot and starting the upload, relatively low timeout values of around 300s are RECOMMENDED.</p>
<p>To make HTTP Upload work in web clients (including those hosted on a different domain) the upload service SHOULD set appropriate <link url="https://www.w3.org/TR/cors/">CORS</link>-Headers. The exact headers and values are out of scope of this document but may include: <em>Access-Control-Allow-Origin</em>, <em>Access-Control-Allow-Methods</em> and <em>Access-Control-Allow-Headers</em>. For HTTP upload services that use custom <em>Authorization</em> or <em>Cookie</em> request header the CORS-Header <em>Access-Control-Allow-Credentials</em> might also be of importance.</p>
</section1>
<section1 topic='Security Considerations' anchor='security'>
<ul>
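Review bot: In the replaced timeout paragraph under Implementation Notes, the value moves from 60s to 300s but the wording around it is unchanged: the text still calls the value "relatively low" and still justifies it with "there is no reason for a client to wait between requesting the slot and starting the upload". The reason for the change given in the 0.8.0 remark (mobile connections) does not appear in the paragraph itself; suggest stating it there so the rationale and the number agree. In the new CORS paragraph the wording is uneven ("CORS-Headers" and "CORS-Header", "HTTP Upload" and "HTTP upload", and "request header" should be plural). Since the paragraph names Access-Control-Allow-Credentials while leaving header values out of scope, consider adding an item to Security Considerations noting that credentialed cross-origin requests require an explicit allowed origin and cannot be combined with a wildcard Access-Control-Allow-Origin.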