- From: Óscar Toledo G. <uno@biyubi.com>
- Date: Wed, 19 Jul 2006 19:37:09 GMT
- To: Mark Nottingham <mnot@yahoo-inc.com>
- CC: <public-webapi@w3.org>
> Content-MD5 is not set by most UAs, and so it's useful for the author
> to set it manually. While it may be difficult to calculate (esp. if
> the content is a DOMString), it's certainly possible.
Calculating Content-MD5 inside the UA is a valuable feature,
that removes burden on the user. I suggest two things for the
draft:
* isSupported("hash-md5") method, so the user can check if
his own MD5 script is needed on the transition phase.
* Calculate MD5 automatically if Content-MD5 appears on
setRequestHeader.
> Likewise, From is not normally set by UAs automatically, and it might
> be useful in some contexts.
The From header raises privacy concerns, if the XHR supports
it, the user must be able to disable it.
> I can easily see a case where a library or other XHR application
> might want to append something to the UA header.
I think that the User-Agent must identify unequivocally
software implementing XHR, if it is modified, it can easily
tell incorrect information to the server, specially on
cross-site XHR. Most UA headers already are long enough.
Truly
Óscar Toledo G.
http://www.biyubi.com/
Received on Wednesday, 19 July 2006 19:47:28 UTC