W3C home > Mailing lists > Public > public-webapps@w3.org > October to December 2011

Re: [XHR2] Disable new response types for sync XHR in Window context

From: Olli Pettay <Olli.Pettay@helsinki.fi>
Date: Tue, 15 Nov 2011 21:41:26 +0200
Message-ID: <4EC2C066.5080809@helsinki.fi>
To: Jonas Sicking <jonas@sicking.cc>
CC: Anne van Kesteren <annevk@opera.com>, Webapps WG <public-webapps@w3.org>, "olli@pettay.fi" <olli@pettay.fi>
On 11/15/2011 09:33 PM, Jonas Sicking wrote:
> On Tue, Nov 15, 2011 at 4:22 AM, Anne van Kesteren<annevk@opera.com>  wrote:
>> On Mon, 14 Nov 2011 17:55:25 +0100, Jonas Sicking<jonas@sicking.cc>  wrote:
>>>
>>> Yes, I think cross-origin should not work with sync. That is currently the
>>> only synchronous communication mechanism cross origin. Without it a UA
>>> could put up UI if it wants to explicitly allow users to control such
>>> communication.
>>
>> Eww. But you agree with my suggestion about exceptions? I can put that in
>> the specification and push to get it implemented in Opera, but it would help
>> if you said you agreed with the specifics to avoid surprises down the road.
>
> So if I understand the proposal correctly:
>
> After .open has been called with async=false:
> * setting .responseType to anything other than "" throws InvalidAccessError
> * setting .wirthCredentials to true throws InvalidAccessError
>
> Additionally, when calling .open with async=false, throw
> InvalidAccessError if .responseType is set to anything other than ""
> or .withCredentials is true.
>
> If that's the proposal, then this sounds good to me.


Sounds good to me to.
Also, if xhr is sync, accessing .response or responseType could throw



>
> / Jonas
>
>
Received on Tuesday, 15 November 2011 19:42:38 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:48 GMT