From 90a545fb85278f1672b9fb6d81ef3ab93d3658ae Mon Sep 17 00:00:00 2001 From: Daniel Gultsch Date: Mon, 10 Dec 2018 19:58:47 +0100 Subject: [PATCH] XEP-0363: added implementation note on CORS header --- xep-0363.xml | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/xep-0363.xml b/xep-0363.xml index 2e068d42..1f59ce4f 100644 --- a/xep-0363.xml +++ b/xep-0363.xml @@ -30,6 +30,17 @@ daniel@gultsch.de daniel@gultsch.de + + 0.8.0 + 2018-12-10 + dg + +
    +
  • Added implementation notes regarding CORS headers for use of HTTP Upload in web clients.
    • +
  • Increase recommended timeout value for PUT URLs to better suit mobile connections
    • +
+ + 0.7.0 2018-05-30 @@ -293,7 +304,8 @@

There is no further XMPP communication required between the upload service and the client. A HTTP status Code of 201 means that the server is now ready to serve the file via the provided GET URL. If the upload fails for whatever reasons the client MAY request a new slot.

-

The upload service SHOULD choose an appropriate timeout for the validity of the PUT URL. Since there is no reason for a client to wait between requesting the slot and starting the upload, relatively low timeout values of around 60s are RECOMMENDED.

+

The upload service SHOULD choose an appropriate timeout for the validity of the PUT URL. Since there is no reason for a client to wait between requesting the slot and starting the upload, relatively low timeout values of around 300s are RECOMMENDED.

+

To make HTTP Upload work in web clients (including those hosted on a different domain) the upload service SHOULD set appropriate CORS-Headers. The exact headers and values are out of scope of this document but may include: Access-Control-Allow-Origin, Access-Control-Allow-Methods and Access-Control-Allow-Headers. For HTTP upload services that use custom Authorization or Cookie request header the CORS-Header Access-Control-Allow-Credentials might also be of importance.