
Re: XMLHttpRequest Object feedback

From: Jim Ley <jim@jibbering.com>
Date: Sun, 9 Apr 2006 14:27:10 +0100
Message-ID: <004a01c65bd9$4e83a900$2402a8c0@Snufkin>
To: <public-webapi@w3.org>

"Jonas Sicking" <jonas@sicking.cc>
> This would probably be helped by restricting to same-origin policies. But
> I'd like to have good use cases even for adding that. I think site authors
> would be upset if they couldn't rely on referer (which arguably already is
> an issue since some firewall products block outbound referer headers).

There's no arguably about it, many firewalls block it, as do others to
anonymise user activity through the web, such things cannot be relied on. I
also don't see the author use cases for shopping cart checks? Surely these
use cookie-based state methods.

Site authors already cannot rely on referrer, so quite why they should be
able to rely on it with XHR I don't know, forcing special behavior on UAs
depending on where a request comes from seems to be something you should do
only in the most extreme situation.

Cheers,

Jim. 
Received on Sunday, 9 April 2006 13:28:16 GMT
