Re: Form HTTP Extensions from Cameron Jones on 2014-04-30 (public-html@w3.org from April 2014)

From: Cameron Jones <cmhjones@gmail.com>
Date: Wed, 30 Apr 2014 15:27:27 +0100
To: mike amundsen <mamund@yahoo.com>
Cc: "public-html@w3.org LIST" <public-html@w3.org>
Message-ID: <CALGrgevFoiyNDFbkz+k9qsyv6wpzVv58=NiwmTo1LPf2Xgad6w@mail.gmail.com>

On Fri, Apr 18, 2014 at 3:21 PM, Cameron Jones <cmhjones@gmail.com> wrote:

[snip]


> The introduction of new form control fields would be an area where there
> could be a clash with existing implementations, however the behavior is
> triggered through the document being served with the "WWW-Authenticate"
> header for HTTP Authentication negotiation. As such, it precludes the scope
> for clashing with current implementations as no-one would serve a login
> page using cookie-based authentication in addition to HTTP Authentication
> as this would induce both a login form and a login popup by the UA.
>
>


I've updated the HTTP Authentication example to highlight the necessary
HTTP response headers required for use of this feature:

http://cameronjones.github.io/form-http-extensions/index.html#h3_http-authentication-login-form

Thanks,
Cameron Jones



>
>>
>>
>>
>> mamund
>> +1.859.757.1449
>> skype: mca.amundsen
>> http://amundsen.com/blog/
>> http://twitter.com/mamund
>> https://github.com/mamund
>> http://linkedin.com/in/mamund
>>
>>
>> On Thu, Apr 17, 2014 at 9:42 AM, Cameron Jones <cmhjones@gmail.com>wrote:
>>
>>> Dear all,
>>>
>>> I am about to submit an email to public-html-admin requesting the
>>> publication of an extension specification for Form HTTP Extensions. Prior
>>> to this and minting a FPWD snapshot i would like to initiate this thread
>>> for any further technical discussion over the specification. The current
>>> editor's draft resides here:
>>>
>>> http://cameronjones.github.io/form-http-extensions/index.html
>>>
>>> The extension specification resolves the previously tracked "ISSUE-195:
>>> Enhance http request generation from forms":
>>>
>>> http://www.w3.org/html/wg/tracker/issues/195
>>>
>>> In summary, the extension amount to the following changes:
>>>
>>>     * Remove restrictions on form HTTP methods to allow for PUT and
>>> DELETE methods, in addition to HTTP extension-methods for
>>> private\experimental use under CORS restrictions.
>>>     * Introduce @payload submission attribute on form controls allowing
>>> targeting URL queries, HTTP headers and message data from user input or
>>> hidden fields.
>>>     * Extends the use of named form control fields to include
>>> "_username_" and "_password_" for integration with User Agent HTTP
>>> Authentication, akin to XHR open() method arguments.
>>>     * Additional "_logout_" named form control field for initiating
>>> clearing of User Agent HTTP Authentication Cache defined by RFC2617
>>> "protection space".
>>>
>>> The following is a list of additional references with further discussion
>>> and/or information:
>>>
>>>
>>> http://lists.whatwg.org/htdig.cgi/whatwg-whatwg.org/2013-February/208357.html
>>> http://lists.w3.org/Archives/Public/public-html/2013Feb/0227.html
>>>
>>> Feedback is most welcome!
>>>
>>> Thanks,
>>> Cameron Jones
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>
>

Received on Wednesday, 30 April 2014 14:27:55 UTC