W3C home > Mailing lists > Public > whatwg@whatwg.org > March 2013

Re: [whatwg] Fetch: crossorigin="anonymous" and XMLHttpRequest

From: Anne van Kesteren <annevk@annevk.nl>
Date: Sun, 17 Mar 2013 09:16:03 +0000
Message-ID: <CADnb78j-igpjcHLBNBzO_FvvbP8fDjacx9tg3gWZrbQ1FuonZA@mail.gmail.com>
To: Jonas Sicking <jonas@sicking.cc>
Cc: WHATWG <whatwg@whatwg.org>
On Sun, Mar 17, 2013 at 1:10 AM, Jonas Sicking <jonas@sicking.cc> wrote:
> On Mon, Mar 11, 2013 at 4:31 AM, Anne van Kesteren <annevk@annevk.nl> wrote:
>> Preceded the specification? I doubt that. When was it added? The
>> specification was done start of 2010 somewhere based on the
>> requirements coming from UMP:
>> http://lists.w3.org/Archives/Public/public-webapps/2010JanMar/0340.html
> I see that my attempt at focusing on the important issues failed.
> Would you like to debate whether the new syntax constitutes a new
> feature or would you like to debate the technical issues of whether we
> want the a) and b) behavior?

I tried to address both by pointing to UMP which wants both a) and b).
The alternative would be to use <iframe sandbox=allow-scripts> which
exhibits the same behavior given the unique origin (that also blocks
Referer). I believe at least Maciej expressed interest in supporting
the UMP use case.

If anon:true means no more than withCredentials=false we should call
it withCredentials instead as EventSource does at the moment. Although
given XMLHttpRequest already has withCredentials there would be
nothing new in that addition and generally we've refrained from adding
such duplicate features.

Received on Sunday, 17 March 2013 09:16:38 UTC

This archive was generated by hypermail 2.3.1 : Monday, 13 April 2015 23:09:20 UTC