Re: Moving forward with XHR2 and AC

On Fri, 16 May 2008 02:07:57 +0200, Ian Hickson wrote:
> Anne, can you summarise what needs doing to XHR2 and AC to move them
> forwards to last call? Is there a list of outstanding comments anywhere?

XMLHttpRequest Level 2

* Depends on XMLHttpRequest Level 1 feedback:
* It needs an introduction at some point. (Though not per se for Last Call  
I suppose.)

Access Control for Cross-Site Requests

* Need to deal with Access-Control-Policy-Path normalization
* Need to figure out if we want the server to whitelist headers/methods  
(we had methods before and then dropped it)
* Need to figure out if we want the server to opt in to cookies/credentials

> If there's anything I can do to help I'd be happy to do so. I would like
> to see this draft reach last call this month if possible.

If you have any ideas on how to solve the non-obvious bits of the above  
that would help.


* Discouraging the use of Access-Control-Policy-Path other than with a  
value of / for IIS works for me.

* Adding the Access-Control-Headers and Access-Control-Methods  
conditionals is fine with me.

* I don't think we need to add opt in for cookies/credentials given that  
for GET such requests are already possible and for non-GET there's an  
OPTIONS opt-in request.

Anne van Kesteren

Received on Friday, 16 May 2008 11:38:25 UTC