The hard lesson is that SSE sucks.
*) The cross-origin policy is not exactly well defined but this doesn't affect us
*) There is no way to set Authorization header and we have to rely on cookies
*) Have to use a polyfill to make work on IE
Also
*) timeout module does not close if headers are sent. So, it never closes SSE
*) nginx buffers responses until completion, so we have to disable that with X-Accel-Buffering header
The auth header basically means we have to move back to long polling or support
special auth just for SSE :-(
Girish Ramakrishnan
b0e8625cab