W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2010

Re: [UMP] Feedback on UMP from a quick read

From: Adam Barth <w3c@adambarth.com>
Date: Fri, 8 Jan 2010 14:53:26 -0800
Message-ID: <7789133a1001081453i2fffb12fx7b8511645eaa9f9c@mail.gmail.com>
To: Tyler Close <tyler.close@gmail.com>
Cc: public-webapps <public-webapps@w3.org>
One more question: the draft doesn't seem to provide any way to
generate a uniform request.  Are we planning to have another
specification for an API for generating these requests?

Adam


On Fri, Jan 8, 2010 at 1:41 PM, Adam Barth <w3c@adambarth.com> wrote:
> [[
> In particular, the user agent should not add the HTTP headers:
> User-Agent, Accept, Accept-Language, Accept-Encoding, or
> Accept-Charset
> ]]
>
> This seems a bit overly constrictive.  Maybe we should send "Accept: */*", etc?
>
> More generally, I suspect the requirements in Section 3.2 violate
> various HTTP RFCs.  Maybe we should use the term "willful violation"
> somewhere?
>
> [[
> If the response to a uniform request is an HTTP redirect, it is
> handled as specified by [HTTP], whether or not the redirect is itself
> a uniform response. If the redirect is not a uniform response, the
> user-agent must still prevent the requesting content from accessing
> the content of the redirect itself, though a response to a redirected
> request might be accessible if it is a uniform response. If the
> response to a uniform request is an HTTP redirect, any redirected
> request must also be a uniform request.
> ]]
>
> This seems looser than needed.  It would be better if the redirect had
> to be a uniform response also.  There's a note in the spec "The HTML
> <form> element can also follow any redirect, without restriction by
> the Same Origin Policy", but the <form> element also sends Accept and
> User-Agent headers.  What's the reason for excluding the headers but
> not requiring redirects to be uniform responses?
>
> What happens with Set-Cookie headers included in uniform responses?
> It seems like we ought to ignore them based on the principle that UMP
> requests are made from a state store / context that is completely
> separate from the user agents normal state store / context.
>
> Adam
>
Received on Friday, 8 January 2010 22:54:20 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:36 GMT