Re: Moving forward with XHR2 and AC

From: Jonas Sicking <jonas@sicking.cc>
Date: Sun, 25 May 2008 10:30:01 -0700
Message-ID: <4839A219.4040509@sicking.cc>
To: Anne van Kesteren <annevk@opera.com>
Cc: Ian Hickson <ian@hixie.ch>, "public-webapi@w3.org" <public-webapi@w3.org>, "public-appformats@w3.org" <public-appformats@w3.org>

Anne van Kesteren wrote:
> 
> I changed my mind on several things below.
> 
> On Fri, 16 May 2008 13:37:54 +0200, Anne van Kesteren <annevk@opera.com> 
> wrote:
>> On Fri, 16 May 2008 02:07:57 +0200, Ian Hickson <ian@hixie.ch> wrote:
>>> Anne, can you summarise what needs doing to XHR2 and AC to move them
>>> forwards to last call? Is there a list of outstanding comments anywhere?
>>
>> XMLHttpRequest Level 2
>>
>> * Depends on XMLHttpRequest Level 1 feedback: 
>> http://dev.w3.org/2006/webapi/XMLHttpRequest/disposition-of-comments-2
>> * It needs an introduction at some point. (Though not per se for Last 
>> Call I suppose.)
> 
> This is both still true though I made some progress incorporating 
> feedback. (Need to make sure everything relevant made XMLHttpRequest 2 
> too though.)
> 
> 
>> Access Control for Cross-Site Requests
>>
>> * Need to deal with Access-Control-Policy-Path normalization
> 
> Done.

I think we do need to deal with this. Just leaving it be will, I think, 
cause exploitable servers out there.

>> * Need to figure out if we want the server to whitelist 
>> headers/methods (we had methods before and then dropped it)
> 
> I changed my mind on this. Given the reply from Björn in particular I 
> don't think there's anything that needs to be done here.

I strongly disagree here. Sorry about being slow to reply, will make 
sure that happens today.

>> * Need to figure out if we want the server to opt in to 
>> cookies/credentials
> 
> I rejected this proposal in another e-mail.

Same thing here.

/ Jonas
Received on Sunday, 25 May 2008 17:31:24 GMT
