W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2010

[XHR2] new XMLHttpRequest(anon)

From: Anne van Kesteren <annevk@opera.com>
Date: Tue, 16 Feb 2010 16:44:04 +0100
To: "WebApps WG" <public-webapps@w3.org>
Message-ID: <op.u778nqgp64w2qv@annevk-t60>
I introduced a new constructor argument for XMLHttpRequest, named anon.  
This is based on the earlier thread where I suggested that UMP is not  
needed if we make this small enhancement to XMLHttpRequest.

Basically, if the parameter is set to true, the "XMLHttpRequest origin" is  
forced to be a unique identifier, setting a username and password through  
open() will throw an INVALID_ACCESS_ERR, and setting withCredentials will  
likewise throw an INVALID_ACCESS_ERR. All the other desired properties  
follow automatically. (In fact, the changes to open() would not have been  
needed.)


Now we introduced this I wonder if implementors are willing to consider to:

A. Remove withCredentials. The use case for this feature is now rather  
small and I still think it is rather ugly.

B. Also throw an INVALID_ACCESS_ERR for username and password arguments to  
open() when the URL provided is non same-origin. Now they are just  
ignored, but it seems better to throw so people are not confused why  
things are not working.


Feedback would be much appreciated!


-- 
Anne van Kesteren
http://annevankesteren.nl/
Received on Tuesday, 16 February 2010 15:44:35 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:37 GMT