W3C home > Mailing lists > Public > public-web-security@w3.org > June 2011

Proposed change: "xhr-src" to "connect"

From: Brandon Sterne <bsterne@mozilla.com>
Date: Tue, 21 Jun 2011 15:13:58 -0700
Message-ID: <4E0117A6.9080703@mozilla.com>
To: "public-web-security@w3.org" <public-web-security@w3.org>
Per previous discussions, I would like to broaden the scope of the
xhr-src directive and rename it to reflect the change.  The tentative
proposal for the new directive name is "connect" and it would define the
list of sources that a page can connect to via DOM/JS APIs.  To begin
with, this directive would cover:

  - XMLHttpRequest
  - WebSocket
  - EventSource

Are there other APIs that belong in this bucket?

On a related note, Adam has advocated including Worker in this new
category, but I believe we should add Worker under script-src since the
stated purpose of that API is to run script in the background and I
believe this will be "least surprising" to web developers.

Would people support this change?

Thanks,
Brandon
Received on Tuesday, 21 June 2011 22:14:36 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:26:19 UTC