W3C home > Mailing lists > Public > public-webapi@w3.org > March 2008

Re: IE Team's Proposal for Cross Site Requests

From: Anne van Kesteren <annevk@opera.com>
Date: Mon, 17 Mar 2008 23:12:59 +0100
To: "Sunava Dutta" <sunavad@windows.microsoft.com>, "Maciej Stachowiak" <mjs@apple.com>, "Eric Lawrence" <ericlaw@exchange.microsoft.com>
Cc: "Web API WG (public)" <public-webapi@w3.org>, "public-appformats@w3.org" <public-appformats@w3.org>, "Chris Wilson" <Chris.Wilson@microsoft.com>, "Zhenbin Xu" <zhenbinx@windows.microsoft.com>, "Gideon Cohn" <gidco@windows.microsoft.com>, "Sharath Udupa" <Sharath.Udupa@microsoft.com>, "Doug Stamper" <dstamper@exchange.microsoft.com>, "Marc Silbey" <marcsil@windows.microsoft.com>
Message-ID: <op.t76lbxnv64w2qv@annevk-t60.oslo.opera.com>

On Mon, 17 Mar 2008 22:29:54 +0100, Sunava Dutta  
<sunavad@windows.microsoft.com> wrote:
> There are many threats against a cross-domain communication mechanism,  
> so we believe the simplicity of XDR makes it more suitable than  
> attempting to plumb cross-domain capabilities into the existing XHR  
> object.  In particular, we are concerned that attempting to introduce  
> new restrictions/added complexity on an XHR object when it is used in a  
> cross-domain manner will result in a confusing programming model for the  
> web developer.

Could you elaborate on why you consider the proposed model to be confusing  
for Web developers? It's in fact as simple as:

   var client = new XMLHttpRequest()
   client.onreadystatechange = function() { ...}
   client.open("GET", "http://cross-site.example.org/resource")
   client.send()

Indeed, as complex as normal usage of XMLHttpRequest. The model proposed  
doesn't just solve it for XMLHttpRequest, it can also be used for  
cross-site XSLT:

   <?xml-stylesheet
     href="http://cross-site.example.org/transform"
     type="application/xslt+xml"?>

Again, no changes required in the way you initiate the request. The  
server-side is not much more complex than what has been proposed by  
Microsoft although a preflight request has to be handled by the server to  
ensure that the server is ok with custom methods, a request entity body,  
etc.


-- 
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>
Received on Monday, 17 March 2008 22:12:48 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 17 March 2008 22:12:48 GMT