Re: Beacon feedback from Anne van Kesteren on 2014-05-19 (public-web-perf@w3.org from May 2014)

From: Anne van Kesteren <annevk@annevk.nl>
Date: Mon, 19 May 2014 11:16:04 +0200
To: Arvind Jain <arvind@google.com>
Cc: Jonas Sicking <jonas@sicking.cc>, Jatinder Mann <jmann@microsoft.com>, "public-web-perf@w3.org" <public-web-perf@w3.org>, Mike West <mkwst@google.com>
Message-ID: <CADnb78iWjjXDroEh5YmwaXFr0wVqNK5r4MB11LAuZheDXdNP9w@mail.gmail.com>

On Sun, May 18, 2014 at 9:25 PM, Arvind Jain <arvind@google.com> wrote:
> On Sun, May 18, 2014 at 6:00 AM, Anne van Kesteren <annevk@annevk.nl> wrote:
>> "User agents MUST honor the HTTP headers (including, in particular,
>> redirects and HTTP cookie headers), but MUST ignore any entity bodies
>> returned in the response" is still there.
>
> This one is not mentioned in the processing model (I'm aware that the first
> part of this sentence  that response headers must be honored is redundant
> with Fetch, but the part about ignoring entity body is not). I felt this is
> important to mention. Please let me know if you strongly feel we should
> remove the first part, in which case, I can change it into a Note. So I'll
> keep the "ignore entity body" and move the "honor response headers" to a
> Note. But I like it better the way it is.

How is the second part not covered in Fetch? It does not say user
agents have to do anything with the entity body.


>> Because? Also, you did not answer my question about further
>> restricting this to http/https.
>
> I'll add  "restricting to http/https". Why is the current link to
> "Resolve-a-url" bad?

It seems like a level of indirection that is not warranted.


>> Because?
>
> You asked to file a bug on Fetch. What is the issue with the way we have
> currently written it?

You're doing this: http://annevankesteren.nl/2014/02/monkey-patch

I added a "authentication flag" to Fetch. By default it is unset and
should therefore cover your needs. That is, you can remove the
requirement from your specification and nothing further is required.

Did you look into proxy authentication?


>> Is it okay if the Beacon-Age header can be set by XMLHttpRequest?
>> Should it become a restricted header?
>
> Seems fine. Do I need to do something in this spec about it?

If it needs to be a restricted header you need to file a bug on Fetch.
Otherwise nothing needs to be done.


>> What about CSP? Should we introduce a "ping" request context for <a
>> ping> and sendBeacon()? And a ping-src directive or some such maybe.
>> (Any reason it's sendBeacon() and not sendPing()?)
>
> Seems fine. Again, do I need to do something about it in this spec?

Yes, you need to set the context field of the request to ping.


-- 
http://annevankesteren.nl/

Received on Monday, 19 May 2014 09:16:31 UTC