Henri Sivonen wrote: >> I would want the XHR spec to clarify that it's not OK to initiate >> unsafe methods without the user's consent. > > What kind of UI would you suggest for obtaining consent e.g. in a case > where a Web app contains a big editable form and JavaScript saves a > backup copy of the form silently to the server side from time to time to > prevent data loss in case the user navigates away from the page or the > browser crashes? I would argue that this is a workaround for another problem (client-side persistence) and that we should fix that. > ... >> Yes. But the same problem can (and is) already used without "ping", >> and even if you use "ping", you still could do it with a safe method >> (HEAD/Cache-Control:no-cache). > > That might work and could be a tad safer. It isn't in any way > theoretically pure from the RFC 2616 point of view, though, to make HEAD > and GET have different semantics beyond the response body presence. I wasn't suggesting that. Best regards, JulianReceived on Sunday, 28 October 2007 12:41:52 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:40:05 GMT