W3C home > Mailing lists > Public > public-webapi@w3.org > April 2006

Re: XMLHttpRequest Object feedback

From: Robin Berjon <robin.berjon@expway.fr>
Date: Thu, 6 Apr 2006 15:34:24 +0200
Message-Id: <59FB0A79-0ED2-4EFF-A660-CF7ECE5E2455@expway.fr>
Cc: <public-webapi@w3.org>
To: Jim Ley <jim@jibbering.com>

On Apr 06, 2006, at 10:46, Jim Ley wrote:
> "Mark Nottingham" <mnot@yahoo-inc.com>
>> It seems a *little* draconian to not allow the user to control If-  
>> Modified-Since, If-None-Match and If-Range. Range should  
>> definitely  be available to users; somebody might know what  
>> they're doing. :)
>
> Definately this is required, I though this was already agreed  
> actually...

It was agreed, it just didn't make it into the draft somehow.

>> The Referer header MUST be set, and MUST NOT be overridable; once  
>> cross-site XHR is available, sites will want to use it for  
>> security, logging, etc.
>
> I don't agree with this, a user agent MUST be allowed to anonymise  
> browsing, tracking users is not a suitable reason for changing this  
> behaviour.

Agreed, people using Referer for security should be transferred to  
another department. It should definitely be possible to remove it.

-- 
Robin Berjon
    Senior Research Scientist
    Expway, http://expway.com/
Received on Thursday, 6 April 2006 13:34:31 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:18:54 GMT