mirror of https://github.com/moparisthebest/xeps synced 2024-11-28 12:12:22 -05:00

XEP-0363: added implementation note on CORS header

Daniel Gultsch 2018-12-10 19:58:47 +01:00
parent 8a4b7b6e8d
commit 90a545fb85

@ -30,6 +30,17 @@
<email>daniel@gultsch.de</email> <email>daniel@gultsch.de</email>
<jid>daniel@gultsch.de</jid> <jid>daniel@gultsch.de</jid>
</author> </author>
<revision>
<version>0.8.0</version>
<date>2018-12-10</date>
<initials>dg</initials>
<remark>
<ul>
<li>Added implementation notes regarding CORS headers for use of HTTP Upload in web clients.</li>
<li>Increase recommended timeout value for PUT URLs to better suit mobile connections</li>
</ul>
</remark>
</revision>
<revision> <revision>
<version>0.7.0</version> <version>0.7.0</version>
<date>2018-05-30</date> <date>2018-05-30</date>
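Review bot: The second <li> of the new 0.8.0 remark is styled differently from the first: it uses the imperative "Increase" where the first item says "Added", and it has no closing full stop. Suggest "Increased recommended timeout value for PUT URLs to better suit mobile connections." The commit subject also mentions only the CORS note, while this remark records the timeout change as well, so the subject should cover both.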
@ -293,7 +304,8 @@
<p>There is no further XMPP communication required between the upload service and the client. A HTTP status Code of 201 means that the server is now ready to serve the file via the provided GET URL. If the upload fails for whatever reasons the client MAY request a new slot.</p> <p>There is no further XMPP communication required between the upload service and the client. A HTTP status Code of 201 means that the server is now ready to serve the file via the provided GET URL. If the upload fails for whatever reasons the client MAY request a new slot.</p>
</section1> </section1>
<section1 topic='Implementation Notes' anchor='impl'> <section1 topic='Implementation Notes' anchor='impl'>
<p>The upload service SHOULD choose an appropriate timeout for the validity of the PUT URL. Since there is no reason for a client to wait between requesting the slot and starting the upload, relatively low timeout values of around 60s are RECOMMENDED.</p> <p>The upload service SHOULD choose an appropriate timeout for the validity of the PUT URL. Since there is no reason for a client to wait between requesting the slot and starting the upload, relatively low timeout values of around 300s are RECOMMENDED.</p>
<p>To make HTTP Upload work in web clients (including those hosted on a different domain) the upload service SHOULD set appropriate <link url="https://www.w3.org/TR/cors/">CORS</link>-Headers. The exact headers and values are out of scope of this document but may include: <em>Access-Control-Allow-Origin</em>, <em>Access-Control-Allow-Methods</em> and <em>Access-Control-Allow-Headers</em>. For HTTP upload services that use custom <em>Authorization</em> or <em>Cookie</em> request header the CORS-Header <em>Access-Control-Allow-Credentials</em> might also be of importance.</p>
</section1> </section1>
<section1 topic='Security Considerations' anchor='security'> <section1 topic='Security Considerations' anchor='security'>
<ul> <ul>
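Review bot: The added CORS paragraph names Access-Control-Allow-Origin and Access-Control-Allow-Credentials together but declares all values out of scope, and the Security Considerations section directly below is left untouched, so an implementer gets no guidance on which origins to allow once Authorization or Cookie request headers are involved. Suggest one sentence, here or under Security Considerations, on how the allowed origin should be chosen when credentials are permitted. Separately, the timeout sentence now recommends 300s but still calls that "relatively low" and still argues there is "no reason for a client to wait"; the mobile-connection rationale from the revision remark belongs in this paragraph too. Minor: "request header" should be plural.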