- From: Jonas Sicking <jonas@sicking.cc>
- Date: Sun, 25 May 2008 10:30:01 -0700
- To: Anne van Kesteren <annevk@opera.com>
- Cc: Ian Hickson <ian@hixie.ch>, "public-webapi@w3.org" <public-webapi@w3.org>, "public-appformats@w3.org" <public-appformats@w3.org>
Anne van Kesteren wrote: > > I changed my mind on several things below. > > On Fri, 16 May 2008 13:37:54 +0200, Anne van Kesteren <annevk@opera.com> > wrote: >> On Fri, 16 May 2008 02:07:57 +0200, Ian Hickson <ian@hixie.ch> wrote: >>> Anne, can you summarise what needs doing to XHR2 and AC to move them >>> forwards to last call? Is there a list of outstanding comments anywhere? >> >> XMLHttpRequest Level 2 >> >> * Depends on XMLHttpRequest Level 1 feedback: >> http://dev.w3.org/2006/webapi/XMLHttpRequest/disposition-of-comments-2 >> * It needs an introduction at some point. (Though not per se for Last >> Call I suppose.) > > This is both still true though I made some progress incorperating > feedback. (Need to make sure everything relevant made XMLHttpRequest 2 > too though. > > >> Access Control for Cross-Site Requests >> >> * Need to deal with Access-Control-Policy-Path normalization > > Done. I think we do need to deal with this. Just leaving it be will I think will cause exploitable servers out there. >> * Need to figure out if we want the server to whitelist >> headers/methods (we had methods before and then dropped it) > > I changed my mind on this. Given the reply from Björn in particular I > don't think there's anything that needs to be done here. I strongly disagree here. Sorry about being slow to reply, will make sure that happens today. >> * Need to figure out if we want the server to opt in to >> cookies/credentials > > I rejected this proposal in another e-mail. Same thing here. / Jonas
Received on Sunday, 25 May 2008 17:31:27 UTC