W3C home > Mailing lists > Public > public-webapps@w3.org > July to September 2008

Re: [access-control] Proposal

From: Ian Hickson <ian@hixie.ch>
Date: Tue, 15 Jul 2008 08:20:09 +0000 (UTC)
To: Anne van Kesteren <annevk@opera.com>
Cc: WebApps WG <public-webapps@w3.org>
Message-ID: <Pine.LNX.4.62.0807150818250.12994@hixie.dreamhostps.com>

On Tue, 15 Jul 2008, Anne van Kesteren wrote:
> 
> CROSS-SITE POST
> 
> We limit the amount of Content-Type header values people can set for the 
> simple cross-site POST request to those you can use with HTML forms 
> today. This list will not become a fixed list until we work out how 
> Access Control for Cross-Site Requests will work together with HTML5 
> forms.

This will lead to people lying about Content-Types, which is one of the 
big problems with XDR. I don't think this is a good thing. (In particular, 
it prevents us from sending XML over XHR, which is dumb given the name of 
the object if nothing else! Sending JSON and XML are the two biggest use 
cases of this API.)

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Tuesday, 15 July 2008 08:20:44 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:27 GMT