W3C home > Mailing lists > Public > public-webapi@w3.org > July 2006

Re[2]: About XMLHttpRequest Draft

From: Óscar Toledo G. <uno@biyubi.com>
Date: Wed, 19 Jul 2006 19:37:09 GMT
To: Mark Nottingham <mnot@yahoo-inc.com>
CC: <public-webapi@w3.org>
Message-ID: <1153337829482120799@biyubi.com>
> Content-MD5 is not set by most UAs, and so it's useful for the author
> to set it manually. While it may be difficult to calculate (esp. if
> the content is a DOMString), it's certainly possible.

Calculating Content-MD5 inside the UA is a valuable feature,
that removes burden on the user. I suggest two things for the

  * isSupported("hash-md5") method, so the user can check if
    his own MD5 script is needed on the transition phase.
  * Calculate MD5 automatically if Content-MD5 appears on

> Likewise, From is not normally set by UAs automatically, and it might
> be useful in some contexts.

The From header raises privacy concerns, if the XHR supports
it, the user must be able to disable it.

> I can easily see a case where a library or other XHR application
> might want to append something to the UA header.

I think that the User-Agent must identify unequivocally
software implementing XHR, if it is modified, it can easily
tell incorrect information to the server, specially on
cross-site XHR. Most UA headers already are long enough.


Óscar Toledo G.
Received on Wednesday, 19 July 2006 19:47:28 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:16:21 UTC