W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2010

Re: [XHR2] new XMLHttpRequest(anon)

From: Anne van Kesteren <annevk@opera.com>
Date: Wed, 17 Feb 2010 09:24:56 +0100
To: "Jonas Sicking" <jonas@sicking.cc>
Cc: "WebApps WG" <public-webapps@w3.org>
Message-ID: <op.u79izuqs64w2qv@annevk-t60>
On Tue, 16 Feb 2010 19:53:22 +0100, Jonas Sicking <jonas@sicking.cc> wrote:
> Hmm.. I have three concerns.
> 1. There's a risk of breaking existing content
> 2. I'd fairly strongly prefer to default to *not* sending credentials.

You get that if you use the new constructor.

> It's better that people by default get a simpler security model, and
> if really needed, opt in to getting a more complex one. I wouldn't
> want people to end up setting up the server to accepting requests with
> credentials because they don't know about credential-less requests, or
> because the back end developer is a stronger developer than the front
> end developer and so the team ends up deciding to make the change
> there.

I don't really get the latter justification. The back end can always  
ignore the credentials.

> 3. The new syntax is fairly unintuitive. I would prefer to use a
> separate constructor, like AnonXMLHttpRequest.

Given the limited new functionality I thought it would be best to not  
further clutter the global object.

Anne van Kesteren
Received on Wednesday, 17 February 2010 08:25:29 UTC

This archive was generated by hypermail 2.3.1 : Friday, 27 October 2017 07:26:22 UTC