Re: [AC] URI canonicalization problem with Access-Control-Policy-Path

> * Rename it to something suitably vendor-neutral (DataRequest)

I happen to be very fond of XMLHttpRequest, I have a little bit of code that already uses it, it would be nice to be able to reuse it for cross-site requests ;).
Seriously though, what is more vendor-neutral than XMLHttpRequest? Every browser implements it; if anything it is MS-ish, since they invented it. Why does a cross-site mechanism need a new API? Claiming that a new API somehow helps security is obviously without merit. The new API proposals also have lost some important functionality from XHR, most importantly neither XDR nor JSONRequest have any mechanism for making synchronous requests. Async-sync is completely orthogonal to security, and why should that capability be eliminated just because you are doing a cross-site request? Synchronous requests are essential in code where you have to add a request, but you can't change the API (asynchronous requests always require adding a callback to the chain of callers). I know at Dojo we have significant use cases for synchronous cross-site requests.

Another example: JSONRequest doesn't have any mechanism for progress events/incremental loading. XDR did reinvent this with their onprogress event. This is another feature that XHR already covers. We have also discussed possible techniques for providing advice on long-lived connections for pipelining issues. Will we have to rehash those discussions for another API?

AC definitely made the right decision in not reinventing the JS HTTP API, IMO.

Kris

Received on Friday, 16 May 2008 05:02:23 UTC