W3C home > Mailing lists > Public > public-webapi@w3.org > February 2007

Re: XMLHttpRequest for Last Call

From: Maciej Stachowiak <mjs@apple.com>
Date: Tue, 13 Feb 2007 08:20:40 -0800
Message-Id: <566BC412-D098-4EAB-9F02-6047BF2FF721@apple.com>
Cc: Anne van Kesteren <annevk@opera.com>, "Web API WG (public)" <public-webapi@w3.org>
To: Julian Reschke <julian.reschke@gmx.de>


On Feb 13, 2007, at 8:11 AM, Julian Reschke wrote:

>
> Anne van Kesteren schrieb:
>> On Tue, 13 Feb 2007 16:59:12 +0100, Julian Reschke  
>> <julian.reschke@gmx.de> wrote:
>>> I think the spec needs to be carefully checked for usage of  
>>> RFC2119/BCP14 terminology. For instance (<http://dev.w3.org/ 
>>> cvsweb/~checkout~/2006/webapi/XMLHttpRequest/Overview.html? 
>>> content-type=text/html;%20charset=utf-8#dfn-setrequestheader>):
>>>
>>> "For security reasons nothing SHOULD be done if the header  
>>> argument matches one of the following headers case-insensitively:"
>>>
>>> I think I understand what the intent is, but maybe it should be  
>>> rephrased to:
>>>
>>> "For security reasons, a server SHOULD ignore any attempt to  
>>> modify any of the headers below (header names being matched case- 
>>> insensitively):"
>> I don't understand this suggestion. Are you sure you understand  
>> what the section is about?
>
> Yes. The problem is the spec saying "...nothing SHOULD be done...".  
> I think it's better to be explicit what the implementation should  
> do (in this case, ignore the method call).

I agree that using active voice is better than using passive voice,  
but there are no requirements being imposed on the server here  
(wouldn't make sense for XMLHttpRequest to do that).

  - Maciej
Received on Tuesday, 13 February 2007 16:59:41 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:18:57 GMT