W3C home > Mailing lists > Public > public-webapi@w3.org > July 2006

Re[2]: About XMLHttpRequest Draft

From: Óscar Toledo G. <uno@biyubi.com>
Date: Wed, 19 Jul 2006 19:37:09 GMT
To: Mark Nottingham <mnot@yahoo-inc.com>
CC: <public-webapi@w3.org>
Message-ID: <1153337829482120799@biyubi.com>
> Content-MD5 is not set by most UAs, and so it's useful for the author
> to set it manually. While it may be difficult to calculate (esp. if
> the content is a DOMString), it's certainly possible.

Calculating Content-MD5 inside the UA is a valuable feature,
that removes burden on the user. I suggest two things for the
draft:

  * isSupported("hash-md5") method, so the user can check if
    his own MD5 script is needed on the transition phase.
  * Calculate MD5 automatically if Content-MD5 appears on
    setRequestHeader.

> Likewise, From is not normally set by UAs automatically, and it might
> be useful in some contexts.

The From header raises privacy concerns, if the XHR supports
it, the user must be able to disable it.

> I can easily see a case where a library or other XHR application
> might want to append something to the UA header.

I think that the User-Agent must identify unequivocally
software implementing XHR, if it is modified, it can easily
tell incorrect information to the server, specially on
cross-site XHR. Most UA headers already are long enough.

Truly

Óscar Toledo G.
http://www.biyubi.com/
Received on Wednesday, 19 July 2006 19:47:28 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:18:55 GMT