Re: Moving forward with XHR2 and AC

Anne van Kesteren wrote:
> 
> I changed my mind on several things below.
> 
> On Fri, 16 May 2008 13:37:54 +0200, Anne van Kesteren <annevk@opera.com> 
> wrote:
>> On Fri, 16 May 2008 02:07:57 +0200, Ian Hickson <ian@hixie.ch> wrote:
>>> Anne, can you summarise what needs doing to XHR2 and AC to move them
>>> forwards to last call? Is there a list of outstanding comments anywhere?
>>
>> XMLHttpRequest Level 2
>>
>> * Depends on XMLHttpRequest Level 1 feedback: 
>> http://dev.w3.org/2006/webapi/XMLHttpRequest/disposition-of-comments-2
>> * It needs an introduction at some point. (Though not per se for Last 
>> Call I suppose.)
> 
> This is both still true though I made some progress incorperating 
> feedback. (Need to make sure everything relevant made XMLHttpRequest 2 
> too though.
> 
> 
>> Access Control for Cross-Site Requests
>>
>> * Need to deal with Access-Control-Policy-Path normalization
> 
> Done.

I think we do need to deal with this. Just leaving it be will I think 
will cause exploitable servers out there.

>> * Need to figure out if we want the server to whitelist 
>> headers/methods (we had methods before and then dropped it)
> 
> I changed my mind on this. Given the reply from Björn in particular I 
> don't think there's anything that needs to be done here.

I strongly disagree here. Sorry about being slow to reply, will make 
sure that happens today.

>> * Need to figure out if we want the server to opt in to 
>> cookies/credentials
> 
> I rejected this proposal in another e-mail.

Same thing here.

/ Jonas

Received on Sunday, 25 May 2008 17:31:27 UTC