- From: Brian Kardell <notifications@github.com>
- Date: Thu, 11 Feb 2016 16:31:26 -0800
- To: w3ctag/spec-reviews <spec-reviews@noreply.github.com>
- Message-ID: <w3ctag/spec-reviews/issues/76/183125622@github.com>
I'm not trying to add difficulty to this conversation but I'm genuinely still having trouble understanding... Specifically, I'm having difficulty discerning what @timbl is looking for or commenting on here as I expressed in https://lists.w3.org/Archives/Public/www-tag/2016Jan/0014.html and after talking with various people I dont think that I am alone in that. In that post I asked some questions to try to clarify and I didn't really get any reply from Tim so despite having further talks with other TAG members I don't feel like I am closer to understanding. So maybe it's helpful to more than just me if @timbl can tell me where I go off the rails... 1) With regard to fetch it is intentionally low level aimed at explaining existing stuff upon which we can build new higher level stuff. 2) Many many deployed web rely on XHR's exposure of withCredentials/CORs. Even if everyone agreed it was fundamentally bad we can't just switch it off -- so in order to explain that, fetch has to expose it too. 3) Many existing high level things already in the system have enough information to make the right decisions with only a url and do ok things. Once explained, I think several people have expressed that we could do more and that is a separate and bigger concern from fetch exposing with credentials. @timbl - Did you disagree with any of these? If so, at which point? --- Reply to this email directly or view it on GitHub: https://github.com/w3ctag/spec-reviews/issues/76#issuecomment-183125622
Received on Friday, 12 February 2016 00:32:00 UTC