W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2008

Re: [AC] Helping server admins not making mistakes

From: Jonas Sicking <jonas@sicking.cc>
Date: Thu, 12 Jun 2008 14:10:56 -0700
Message-ID: <485190E0.8060803@sicking.cc>
To: Jonas Sicking <jonas@sicking.cc>, "WAF WG (public)" <public-appformats@w3.org>, public-webapps@w3.org, Thomas Roessler <tlr@w3.org>

Hi Thomas and everyone,

So I realize that I'm not quite understanding your previous mail. It 
sounds like you have some alternative proposal in mind which I'm not 
following.

So let me start by stating my concerns:

My concern with the current spec is that once a server in the pre-flight 
request has opted in to the Access-Control spec, it is not going to be 
able to "correctly" handle all the possible requests that are enabled by 
the opt-in. With "correctly" here defined as what the server operator 
had in mind when opting in.

I have this concern since currently opting in means that you have to 
deal with all possible combinations of all valid http headers and http 
methods.

There is currently no way for the server operator to opt in without also 
having to deal with this.

In the initial mail in this thread I had a proposal to address this 
concern. At the cost of some complexity in the client.


It sounds like you have a counter proposal. Before you describe this 
proposal, I have four questions:

What is the purpose of the proposal?
Does this proposal still address all or part of my above concern?
Is it simpler than my proposal?
Is it simpler than the current spec?

And then finally I'm of course interested to hear what your proposal 
actually is :)

Best Regards,
/ Jonas
Received on Thursday, 12 June 2008 21:14:40 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:25 GMT