W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2010

[XHR2] new XMLHttpRequest(anon)

From: Anne van Kesteren <annevk@opera.com>
Date: Tue, 16 Feb 2010 16:44:04 +0100
To: "WebApps WG" <public-webapps@w3.org>
Message-ID: <op.u778nqgp64w2qv@annevk-t60>
I introduced a new constructor argument for XMLHttpRequest, named anon.  
This is based on the earlier thread where I suggested that UMP is not  
needed if we make this small enhancement to XMLHttpRequest.

Basically, if the parameter is set to true, the "XMLHttpRequest origin" is  
forced to be a unique identifier, setting a username and password through  
open() will throw an INVALID_ACCESS_ERR, and setting withCredentials will  
likewise throw an INVALID_ACCESS_ERR. All the other desired properties  
follow automatically. (In fact, the changes to open() would not have been  

Now we introduced this I wonder if implementors are willing to consider to:

A. Remove withCredentials. The use case for this feature is now rather  
small and I still think it is rather ugly.

B. Also throw an INVALID_ACCESS_ERR for username and password arguments to  
open() when the URL provided is non same-origin. Now they are just  
ignored, but it seems better to throw so people are not confused why  
things are not working.

Feedback would be much appreciated!

Anne van Kesteren
Received on Tuesday, 16 February 2010 15:44:35 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 11 February 2015 14:36:41 UTC