W3C home > Mailing lists > Public > public-webapi@w3.org > May 2008

Re: Moving forward with XHR2 and AC

From: Anne van Kesteren <annevk@opera.com>
Date: Fri, 16 May 2008 13:37:54 +0200
To: "Ian Hickson" <ian@hixie.ch>, "public-webapi@w3.org" <public-webapi@w3.org>, "public-appformats@w3.org" <public-appformats@w3.org>
Message-ID: <op.ua8vxgn164w2qv@annevk-t60.oslo.opera.com>

On Fri, 16 May 2008 02:07:57 +0200, Ian Hickson <ian@hixie.ch> wrote:
> Anne, can you summarise what needs doing to XHR2 and AC to move them
> forwards to last call? Is there a list of outstanding comments anywhere?

XMLHttpRequest Level 2

* Depends on XMLHttpRequest Level 1 feedback:  
http://dev.w3.org/2006/webapi/XMLHttpRequest/disposition-of-comments-2
* It needs an introduction at some point. (Though not per se for Last Call  
I suppose.)


Access Control for Cross-Site Requests

* Need to deal with Access-Control-Policy-Path normalization
* Need to figure out if we want the server to whitelist headers/methods  
(we had methods before and then dropped it)
* Need to figure out if we want the server to opt in to cookies/credentials


> If there's anything I can do to help I'd be happy to do so. I would like
> to see this draft reach last call this month if possible.

If you have any ideas on how to solve the non-obvious bits of the above  
that would help.

Personally:

* Discouraging the use of Access-Control-Policy-Path other than with a  
value of / for IIS works for me.

* Adding the Access-Control-Headers and Access-Control-Methods  
conditionals is fine with me.

* I don't think we need to add opt in for cookies/credentials given that  
for GET such requests are already possible and for non-GET there's an  
OPTIONS opt-in request.


-- 
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>
Received on Friday, 16 May 2008 11:38:24 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 16 May 2008 11:38:25 GMT