- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Sun, 28 Oct 2007 13:41:35 +0100
- To: Henri Sivonen <hsivonen@iki.fi>
- CC: Geoffrey Sneddon <foolistbar@googlemail.com>, HTML WG <public-html@w3.org>

Henri Sivonen wrote:
>> I would want the XHR spec to clarify that it's not OK to initiate
>> unsafe methods without the user's consent.
>
> What kind of UI would you suggest for obtaining consent e.g. in a case
> where a Web app contains a big editable form and JavaScript saves a
> backup copy of the form silently to the server side from time to time to
> prevent data loss in case the user navigates away from the page or the
> browser crashes?

I would argue that this is a workaround for another problem (client-side persistence) and that we should fix that.

> ...
>> Yes. But the same problem can (and is) already used without "ping",
>> and even if you use "ping", you still could do it with a safe method
>> (HEAD/Cache-Control:no-cache).
>
> That might work and could be a tad safer. It isn't in any way
> theoretically pure from the RFC 2616 point of view, though, to make HEAD
> and GET have different semantics beyond the response body presence.

I wasn't suggesting that.

Best regards, Julian

Received on Sunday, 28 October 2007 12:41:52 UTC