Re: Beacon feedback

On Fri, May 9, 2014 at 3:35 PM, Arvind Jain <arvind@google.com> wrote:
> Just checking if the changes I made are in the right direction. Please let me know.

Okay, given https://dvcs.w3.org/hg/webperf/raw-file/tip/specs/Beacon/Overview.html

1) "The sendBeacon method MUST asynchronously transmit data provided
by the data parameter to the resolved URL provided by the url
parameter." duplicates processing requirements later on.
Specifications should avoid duplication like that. Same for "The User
Agent MUST use the POST HTTP method to fetch the url for transmitting
the data." and "All relevant cookie headers MUST be included in the
request. User agents MUST honor the HTTP headers (including, in
particular, redirects and HTTP cookie headers), but MUST ignore any
entity bodies returned in the response."

2) For "To avoid the target confusion security risk, the User Agent
MUST NOT display HTTP authorization prompts as a result of a
sendBeacon method call." you should probably file a bug on Fetch so
we can make this configurable. Please consider proxy authentication
when you do that.

3) In the processing model I think you should use
http://url.spec.whatwg.org/#concept-url-parser directly for URL
parsing. You might want to throw here if the parsed url's scheme is not
http or https I think, right?

4) In the processing model step 8 there should be no need to do an
origin check. The Fetch Standard takes care of that logic.


-- 
http://annevankesteren.nl/

Received on Friday, 16 May 2014 13:14:09 UTC
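
Point 3 of the message above, as an added example that is not part of the original message or of the Beacon specification: the scheme check is made on the output of the URL parser (`new URL`, the WHATWG URL Standard parser as exposed to script), so relative, scheme-relative, mixed-case and whitespace-padded inputs are judged by the scheme they actually resolve to. The names `resolveBeaconUrl`, `check`, `BASE` and `SAMPLES`, the sample URLs, and the choice of `TypeError` are assumptions made for the illustration.

```javascript
// Added illustration; all names and sample values here are hypothetical.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Parse `url` against `base` with the URL parser, then throw unless the
// parsed scheme is http or https. Returns the serialized absolute URL.
function resolveBeaconUrl(url, base) {
  let parsed;
  try {
    parsed = new URL(url, base);
  } catch (e) {
    throw new TypeError("beacon URL does not parse: " + JSON.stringify(url));
  }
  // Check the parsed scheme, never a string prefix of the raw input.
  if (!ALLOWED_SCHEMES.has(parsed.protocol)) {
    throw new TypeError("beacon URL scheme is not http(s): " + parsed.protocol);
  }
  return parsed.href;
}

// Non-throwing wrapper so a batch of inputs can be reported side by side.
function check(url, base) {
  try {
    return { ok: true, href: resolveBeaconUrl(url, base) };
  } catch (e) {
    return { ok: false, error: e.message };
  }
}

// Constructed sample inputs, resolved against a constructed document URL.
const BASE = "https://app.example/dashboard/index.html";
const SAMPLES = [
  "/collect",                       // path-relative: inherits base scheme
  "//stats.example/b",              // scheme-relative: inherits base scheme
  "HTTP://Stats.Example/b",         // parser lowercases scheme and host
  "  https://stats.example/b\n",    // parser strips surrounding whitespace
  "data:text/plain,x",              // parses, but scheme is rejected
  "ftp://stats.example/b",          // parses, but scheme is rejected
  "blob:https://app.example/1234",  // starts like https once unwrapped, scheme is blob
  "http://",                        // parse failure (empty host)
];

for (const s of SAMPLES) {
  console.log(JSON.stringify(s), "=>", JSON.stringify(check(s, BASE)));
}
```

A raw prefix test such as "starts with http" would wrongly reject the first two inputs and the padded one, which is the practical reason to check the scheme only after parsing.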