- From: Jonas Sicking <jonas@sicking.cc>
- Date: Thu, 12 Jun 2008 14:10:56 -0700
- To: Jonas Sicking <jonas@sicking.cc>, "WAF WG (public)" <public-appformats@w3.org>, public-webapps@w3.org, Thomas Roessler <tlr@w3.org>
Hi Thomas and everyone, So I realize that I'm not quite understanding your previous mail. It sounds like you have some alternative proposal in mind which I'm not following. So let me start by stating my concerns: My concern with the current spec is that once a server in the pre-flight request has opted in to the Access-Control spec, it is not going to be able to "correctly" handle all the possible requests that are enabled by the opt-in. With "correctly" here defined as what the server operator had in mind when opting in. I have this concern since currently opting in means that you have to deal with all possible combinations of all valid http headers and http methods. There is currently no way for the server operator to opt in without also having to deal with this. In the initial mail in this thread I had a proposal to address this concern. At the cost of some complexity in the client. It sounds like you have a counter proposal. Before you describe this proposal, I have four questions: What is the purpose of the proposal? Does this proposal still address all or part of my above concern? Is it simpler than my proposal? Is it simpler than the current spec? And then finally I'm of course interested to hear what your proposal actually is :) Best Regards, / Jonas
Received on Thursday, 12 June 2008 21:14:41 UTC